Facebook has just made available a new set of cryptographic API for developers on Android. Aptly named Conceal, this Java library will allow app developers to encrypt data, even large ones, on disk in the most resource efficient way.
The testimony of Conceal’s promise can be found in Facebook’s own Android app. It uses Conceal to encrypt Facebook images and store them on the SD card. This allows users to transfer app data safely and securely from phone storage to an external SD card to free up space on the device.
Conceal uses algorithms from OpenSSL but is able to keep things light by not shipping with the whole library but including only those parts that it needs. Other than the space-saving benefits, it also allows Conceal to make use of AES-GCM encryption, a feature that is absent from OpenSSL on older Android versions. This as well as its lightweight features make Conceal ideal for use even on older or less powerful Android devices.
However, the API does have some disadvantages. Conceal does one thing and does it well, but it isn’t a one size fits all cryptographic library. It doesn’t have all the bells and whistles and, when faced with multiple options, defaults to those that Facebook deems to be more appropriate for the use case. As such, it might not suit the taste of all developers. Facebook has, fortunately, released Conceal under an open source BSD license for other developers to use and modify to their needs. Facebook even encourages developers to report bugs and security vulnerabilities should they encounter some issues with Conceal.