Is it feasible to create a secure, offline Android app with a PIN code login and local app data encryption, resistant to technical attacks, including root access and tools like Frida?
The app's own PIN code login at launch adds a security layer, especially in cases where the device's primary passcode is compromised – like in thefts or when shared among family or colleagues. Let's assume the attacker might know the device's main passcode, biometrics, or has a legit single user account on the device. Thus, the app's PIN code implementation needs to be robust enough to maintain security independently.
Key challenges involve protecting against internal attackers who could root the device, evade root detection, alter the app's runtime code and execution flows, intercept KeyStore API calls, and gain complete memory access. Assume PIN codes are relatively short (they are) and that rate limiting and attempt counters attempt to mitigate guessing attacks. Assume the PIN code could be brute-forced if its hash is ever exposed.
Observations:
- Root users can hook all KeyStore APIs, making the app's encryption routines accessible to attackers.
- The app's PIN code, used as a derived key for local encryption, lacks sufficient entropy, failing to address the issue effectively.
- The PIN code counter is stored in the app's local storage as encrypted data and is set to be wiped after a certain number of invalid attempts. However, a root user could circumvent this by taking a snapshot of the app's local files and restoring them after each guess, effectively allowing unlimited guesses.
- Storing local encryption keys on a backend server would simplify PIN code validation and mitigation measures. However, the focus is on finding a solution that works offline.
- I assume a root-resistant KeyStore API should offer an encryption service where API usage would require a custom app PIN code, but that does not exist, does it?
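To make the "PIN as a derived key" concern concrete, here is an added, stdlib-only Python sketch (not code from the question or from any Android library) of the usual design: the PIN is stretched with a salted PBKDF2 into a wrapping key for a random data-encryption key (DEK), and an HMAC tag tells a correct PIN from a wrong one. The iteration count and PIN are constructed values; the hardware-bound second key component that a real app would add via Android KeyStore is assumed out of scope, which is exactly why the stored blob's security reduces to PIN entropy times KDF cost.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed parameters for illustration; a production app would tune the
# iteration count to the target device and bind a second key component to
# hardware (Android KeyStore), which this stdlib-only sketch cannot do.
PBKDF2_ITERATIONS = 100_000
KEY_LEN = 32          # bytes for the DEK and for each derived sub-key
SALT_LEN = 16


def derive_wrap_keys(pin: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Stretch the low-entropy PIN into a wrapping key and a MAC key."""
    material = hashlib.pbkdf2_hmac(
        "sha256", pin.encode("utf-8"), salt, PBKDF2_ITERATIONS, 2 * KEY_LEN
    )
    return material[:KEY_LEN], material[KEY_LEN:]


def wrap_dek(pin: str) -> Tuple[bytes, dict]:
    """Create a random DEK and wrap it under the PIN.

    The DEK (full 256-bit entropy) is what encrypts app data; only the wrapped
    blob is written to local storage, never the PIN or the DEK itself.
    """
    dek = secrets.token_bytes(KEY_LEN)
    salt = secrets.token_bytes(SALT_LEN)
    wrap_key, mac_key = derive_wrap_keys(pin, salt)
    # wrap_key is used once per fresh salt, so XOR acts as a one-time pad
    # over the random DEK; the HMAC tag makes a wrong PIN detectable.
    wrapped = bytes(d ^ k for d, k in zip(dek, wrap_key))
    tag = hmac.new(mac_key, salt + wrapped, "sha256").digest()
    return dek, {"salt": salt, "wrapped": wrapped, "tag": tag}


def unwrap_dek(pin: str, blob: dict) -> Optional[bytes]:
    """Return the DEK if the PIN is right, else None (wrong PIN or tampering)."""
    wrap_key, mac_key = derive_wrap_keys(pin, blob["salt"])
    expected = hmac.new(mac_key, blob["salt"] + blob["wrapped"], "sha256").digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    return bytes(w ^ k for w, k in zip(blob["wrapped"], wrap_key))


if __name__ == "__main__":
    dek, blob = wrap_dek("4821")  # constructed sample PIN
    assert unwrap_dek("4821", blob) == dek
    assert unwrap_dek("0000", blob) is None
    print("wrap/unwrap round-trip OK")
```

Because each unwrap attempt costs one PBKDF2 run, an attacker holding a copied blob needs at most 10^digits such runs, so the attempt counter in the app is the only thing that keeps a four-digit PIN safe, and the snapshot-restore observation above removes it.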