
Keystore


Last updated 1 year ago

Overview

The Android Keystore is a container within the Android system that securely stores cryptographic keys for applications. Applications use these keys for their encryption and decryption operations.

Keystore vs Keychain

Keychain offers system-wide credentials and gives the user the flexibility to select which key an application can use, across different applications. Keystore only lets credentials be accessed by the application that has rights to them. Having a secure container helps prevent keys leaking to other similarly privileged applications that may have malicious functions. Users do not need to select credentials for applications that use Keystore.

Keystore Security Features

Extraction Prevention

A system process takes in data from the application and uses the stored key and the given parameters to perform cryptographic operations. Furthermore, stored keys are bound to the Android Trusted Execution Environment (TEE) or Secure Element (SE), which prevents key extraction even if the device is compromised. However, this does not prevent use of the stored keys if the application itself is compromised (e.g. Frida hooks).

Hardware Security Module

Android 9 and above have StrongBox, which contains its own set of hardware modules and resources not used by the standard Android OS and kernel. It offers mechanisms to prevent tampering with data within the keystore, and secure storage to prevent unauthorised access. Unfortunately, not every Android device supports StrongBox. List of supported devices:

Key Use Authorisations

This feature lets applications authorise only specific tasks to use the cryptographic keys. A temporal validity interval can be set to restrict key use to a specified time range, and/or user authentication via biometric or lock screen checks can be required. Both features could still be bypassed with a combination of Frida hooking to reset the time and disabling the user's lock screen credentials.
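An added example (not from the original page) of key generation that applies the StrongBox and key use authorisation settings described above, falling back to the device's default keystore implementation where StrongBox is unavailable. It assumes minSdk 31 and an enrolled strong biometric; the alias parameter and the 90-day validity window are illustrative.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyInfo
import android.security.keystore.KeyProperties
import android.security.keystore.StrongBoxUnavailableException
import java.util.Date
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.SecretKeyFactory

private const val PROVIDER = "AndroidKeyStore"

// The alias and the 90-day window are illustrative values, not from the page.
private fun spec(alias: String, strongBox: Boolean): KeyGenParameterSpec {
    val now = System.currentTimeMillis()
    val purposes = KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    return KeyGenParameterSpec.Builder(alias, purposes)
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setKeySize(256)
        // Temporal validity interval.
        .setKeyValidityStart(Date(now))
        .setKeyValidityEnd(Date(now + 90L * 24 * 60 * 60 * 1000))
        // Timeout 0: a strong biometric is required for every use of the key.
        .setUserAuthenticationRequired(true)
        .setUserAuthenticationParameters(0, KeyProperties.AUTH_BIOMETRIC_STRONG)
        .setInvalidatedByBiometricEnrollment(true)
        .setIsStrongBoxBacked(strongBox)
        .build()
}

// Tries StrongBox first; falls back to the default keystore on unsupported devices.
fun createKey(alias: String): SecretKey {
    val generator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, PROVIDER)
    return try {
        generator.init(spec(alias, strongBox = true))
        generator.generateKey()
    } catch (e: StrongBoxUnavailableException) {
        generator.init(spec(alias, strongBox = false))
        generator.generateKey()
    }
}

// Returns a KeyProperties.SECURITY_LEVEL_* constant for the generated key.
fun securityLevel(key: SecretKey): Int {
    val factory = SecretKeyFactory.getInstance(key.algorithm, PROVIDER)
    val info = factory.getKeySpec(key, KeyInfo::class.java) as KeyInfo
    return info.securityLevel
}
```

Checking `securityLevel()` after generation makes a fallback away from StrongBox visible instead of silent.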

Is Keystore 100% Secure?

Android developer documentation states that the keystore helps reduce the risk of unauthorised use of cryptographic keys outside and within the Android device. As mentioned previously, the main issue is still the security of the Android application.

Furthermore, if the device is rooted, the keystore is no longer secure and can be accessed with privileged rights.

This is a guide to monitoring the encryption process within an application: KC57 - Frida to Monitor Encryption

Frida script to extract keystore via hooking of the application: Codeshare - Frida Extract Keystore

A whole suite of documentation about Android Keystore security, bypasses and mitigations: WithSecure - Android Keystore authentication

Interview Questions

  • Could you explain the difference between Android Keystore and Keychain?

  • What are the security features of using Android Keystore?

  • Are there any methods to bypass Android Keystore?

Author

Zheng Jie

References

  • Remote Rocketship - Android Security Questions
  • Android - Keystore System
  • KC57 - Frida to Monitor Encryption
  • Codeshare - Frida Extract Keystore
  • WithSecure - Android Keystore authentication
  • Huli - Android App Reverse Engineering