In an odd twist of fate, Facebook now wants to protect our data. The social giant, who has had their fair share of information snafus, is now releasing their Java API, which protects information on your SD card. Built for speed, and said to be smaller than other cryptography standards, Conceal might end up the best solution.
In a blog post, Software Engineer for Facebook Subodh Iyengar said “We saw an opportunity to do things better and decided to encrypt the private data that we stored on the SD card so that it would not be accessible to other apps”. He goes on to say that current standards are ricky to get right, and ineffective.
With Conceal, Facebook creates a type of dual layer protection. “We instead use AES-GCM which is an authenticated encryption algorithm that not only encrypts the data but also computes a MAC [Message Authentication Code] of the data at the same time.” By abstracting security, Facebook thinks they can bypass known vulnerabilities and weaknesses. It’s also meant for long term growth, as future versions will be reverse compatible to previously encrypted data.
Facebook is releasing it as an open source API, so anyone can take advantage. Though the idea is interesting, and sounds the part, it could be a dying utility. SD cards are increasingly rare, as many newer Android devices are shipping without SD cards. Hopefully, if this works as well on your device as it reads on paper, Facebook can turn it into a standard elsewhere.