App security is hard. Whether it’s permissions, firewall protocols, or making sure the API is sealed up tight, it’s no secret that creating a safe, reliable, and secure application for the Android platform is anything but simple.
Thankfully, that’s where companies like Facebook come in, believe it or not. Not widely known in the industry as one of the leaders on the internet security front, Facebook is looking to diversify their portfolio of software and hardware applications with their newest entry into the field: “Conceal”.
Conceal is an open-source library of code — available to any developer willing to pay the entrance fee — that is capable of taking random applications and automatically tightening up their security in a variety of ways that make it easier for programmers to keep their customers safe.
Most apps currently on the market utilize the SD card to store sensitive data like authentication tokens in order to save on bandwidth and resource costs. While this is an efficient method of being sure the app runs smoothly, it also proposes a unique risk to anyone who browses the web, watches YouTube, or download programs onto their phone daily.
All of these activities use the same SD card to store temporary files and cached data, which means that if any of it comes with an infection, it has the potential to access all the files stored on the same card, including information held in completely separate areas of the phone or tablet that’s been corrupted.
“[To get around this problem,] many develop one-off solutions themselves,” Facebook software engineer Subodh Iyengar told Ars Technica. “One objective of releasing Conceal is to enable other developers to quickly get up and running. We also believe that libraries get better with contributions and feedback from the community, and the community support can help improve the performance and security of this library.”
Along with the basic tools necessary to provide users with a trojan-free app experience, Conceal also makes personalized recommendations on the best security settings that are possible for each individual app.
This means that programmers don’t have to waste their time pentesting a million different vectors to see which combination provides the best balance of privacy vs. efficiency, saving developers and the people who buy their products thousands of dollars in the process.
You can find out more about Conceal here, and even download the library for yourself if you’re planning on releasing the next great Android app anytime soon.