Initial commit

.gitignore

@@ -62,4 +62,4 @@ fastlane/report.xml
 fastlane/Preview.html
 fastlane/screenshots
 fastlane/test_output
-fastlane/readme.md
+fastlane/readme.md

app/.gitignore

@@ -0,0 +1 @@
+/build

app/build.gradle

@@ -0,0 +1,37 @@
+apply plugin: 'com.android.application'
+
+apply plugin: 'kotlin-android'
+
+apply plugin: 'kotlin-android-extensions'
+
+android {
+    compileSdkVersion 29
+    buildToolsVersion "29.0.2"
+    defaultConfig {
+        applicationId "com.example.androidsecurity"
+        minSdkVersion 23
+        targetSdkVersion 29
+        versionCode 1
+        versionName "1.0"
+        testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
+    }
+    buildTypes {
+        release {
+            minifyEnabled false
+            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
+        }
+    }
+}
+
+dependencies {
+    implementation fileTree(dir: 'libs', include: ['*.jar'])
+    implementation"org.jetbrains.kotlin:kotlin-stdlib-jdk7:$kotlin_version"
+    implementation 'androidx.appcompat:appcompat:1.1.0'
+    implementation 'androidx.core:core-ktx:1.1.0'
+    implementation 'com.squareup.okhttp3:okhttp:3.12.6'
+    implementation 'androidx.constraintlayout:constraintlayout:1.1.3'
+    implementation 'androidx.security:security-crypto:1.0.0-alpha02'
+    testImplementation 'junit:junit:4.12'
+    androidTestImplementation 'androidx.test.ext:junit:1.1.1'
+    androidTestImplementation 'androidx.test.espresso:espresso-core:3.2.0'
+}

app/proguard-rules.pro

@@ -0,0 +1,21 @@
+# Add project specific ProGuard rules here.
+# You can control the set of applied configuration files using the
+# proguardFiles setting in build.gradle.
+#
+# For more details, see
+#   http://developer.android.com/guide/developing/tools/proguard.html
+
+# If your project uses WebView with JS, uncomment the following
+# and specify the fully qualified class name to the JavaScript interface
+# class:
+#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
+#   public *;
+#}
+
+# Uncomment this to preserve the line number information for
+# debugging stack traces.
+#-keepattributes SourceFile,LineNumberTable
+
+# If you keep the line number information, uncomment this to
+# hide the original source file name.
+#-renamesourcefileattribute SourceFile

app/src/androidTest/java/com/example/androidsecurity/ExampleInstrumentedTest.kt

@@ -0,0 +1,24 @@
+package com.example.androidsecurity
+
+import androidx.test.platform.app.InstrumentationRegistry
+import androidx.test.ext.junit.runners.AndroidJUnit4
+
+import org.junit.Test
+import org.junit.runner.RunWith
+
+import org.junit.Assert.*
+
+/**
+ * Instrumented test, which will execute on an Android device.
+ *
+ * See [testing documentation](http://d.android.com/tools/testing).
+ */
+@RunWith(AndroidJUnit4::class)
+class ExampleInstrumentedTest {
+    @Test
+    fun useAppContext() {
+        // Context of the app under test.
+        val appContext = InstrumentationRegistry.getInstrumentation().targetContext
+        assertEquals("com.example.androidsecurity", appContext.packageName)
+    }
+}

app/src/main/AndroidManifest.xml

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    package="com.example.androidsecurity">
+
+    <uses-permission android:name="android.permission.INTERNET" />
+    <application
+        android:allowBackup="true"
+        android:icon="@mipmap/ic_launcher"
+        android:label="@string/app_name"
+        android:roundIcon="@mipmap/ic_launcher_round"
+        android:supportsRtl="true"
+        android:theme="@style/AppTheme">
+        <activity android:name=".MainActivity">
+            <intent-filter>
+                <action android:name="android.intent.action.MAIN" />
+
+                <category android:name="android.intent.category.LAUNCHER" />
+            </intent-filter>
+        </activity>
+    </application>
+
+</manifest>

app/src/main/java/com/example/androidsecurity/MainActivity.kt

@@ -0,0 +1,153 @@
+package com.example.androidsecurity
+
+import androidx.appcompat.app.AppCompatActivity
+import android.os.Bundle
+import android.util.Log
+import androidx.core.content.edit
+import androidx.security.crypto.EncryptedFile
+import androidx.security.crypto.EncryptedSharedPreferences
+import androidx.security.crypto.MasterKeys
+import kotlinx.android.synthetic.main.activity_main.*
+import okhttp3.*
+import java.io.*
+
+class MainActivity : AppCompatActivity() {
+
+    private val encryptedPrefs by lazy {
+        EncryptedSharedPreferences.create(
+            PREFS_FILENAME,
+            masterKeyAlias,
+            this.applicationContext,
+            EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
+            EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
+        )
+    }
+
+    private val file by lazy { File(filesDir, ENCRYPTED_FILE_NAME) }
+
+    private val encryptedFile by lazy {
+        EncryptedFile.Builder(
+            file,
+            this.applicationContext,
+            masterKeyAlias,
+            EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB
+        ).build()
+    }
+
+    override fun onCreate(savedInstanceState: Bundle?) {
+        super.onCreate(savedInstanceState)
+        setContentView(R.layout.activity_main)
+        setupListeners()
+    }
+
+    private fun setupListeners() {
+        securePrefsSave.setOnClickListener { encryptString(securePrefsInput.text.toString()) }
+        securePrefsLoad.setOnClickListener { result.text = decryptString() }
+        fileDownload.setOnClickListener { downloadAndEncryptFile() }
+        fileDelete.setOnClickListener { deleteFile() }
+        fileLoad.setOnClickListener { readFile() }
+        fileDecrypt.setOnClickListener { decryptAndReadFile() }
+    }
+
+    private fun encryptString(value: String) {
+        encryptedPrefs.edit {
+            putString(ENC_KEY, value)
+            apply()
+        }
+        result.text = getString(R.string.value_encrypted)
+    }
+
+    private fun decryptString(): String? = encryptedPrefs.getString(ENC_KEY, null)
+
+    private fun deleteFile() {
+        var success = false
+        if (file.exists()) {
+            success = file.delete()
+        }
+        result.text = getString(if (success) R.string.file_deleted else R.string.file_delete_error)
+    }
+
+    private fun downloadAndEncryptFile() {
+        if (file.exists()) {
+            Log.i("TAG", "Encrypted file already exists!")
+            result.text = getString(R.string.file_exists)
+        } else {
+            Log.e("TAG", "Encrypted file does not exist exists! Downloading...")
+            val request = Request.Builder().url(FILE_URL).build()
+            okHttpClient.newCall(request).enqueue(
+                object : Callback {
+                    override fun onFailure(call: Call, e: IOException) {
+                        result.text = e.message
+                        Log.e("TAG", "Error occurred!", e)
+                    }
+
+                    override fun onResponse(call: Call, response: Response) {
+                        onFileDownloaded(response.body()?.bytes())
+                    }
+                }
+            )
+        }
+    }
+
+    private fun onFileDownloaded(bytes: ByteArray?) {
+        runOnUiThread {
+            var encryptedOutputStream: FileOutputStream? = null
+            try {
+                encryptedOutputStream = encryptedFile.openFileOutput()
+                bytes?.let { nonNullBytes -> encryptedOutputStream.write(nonNullBytes) }
+                result.text = getString(R.string.file_downloaded)
+            } catch (e: Exception) {
+                Log.e("TAG", "Could not open encrypted file", e)
+                result.text = e.message
+            } finally {
+                encryptedOutputStream?.close()
+            }
+        }
+    }
+
+    private fun decryptAndReadFile() {
+        Log.i("TAG", "Encrypting file...")
+        var encryptedInputStream: FileInputStream? = null
+        try {
+            encryptedInputStream = encryptedFile.openFileInput()
+            val reader = BufferedReader(InputStreamReader(encryptedInputStream))
+            var text = ""
+            reader.forEachLine { line -> text += "$line \n" }
+            Log.e("TAG", text)
+            result.text = text
+        } catch (e: Exception) {
+            Log.e("TAG", "Error occurred when reading encrypted file", e)
+            result.text = e.message
+        } finally {
+            encryptedInputStream?.close()
+        }
+    }
+
+    private fun readFile() {
+        Log.i("TAG", "Loading encrypted file...")
+        var encryptedInputStream: FileInputStream? = null
+        try {
+            encryptedInputStream = file.inputStream()
+            val reader = BufferedReader(InputStreamReader(encryptedInputStream))
+            var text = ""
+            reader.forEachLine { line -> text += "$line \n" }
+            result.text = text
+        } catch (e: Exception) {
+            Log.e("TAG", "Error occurred when reading encrypted file", e)
+            result.text = e.message
+        } finally {
+            encryptedInputStream?.close()
+        }
+    }
+
+    companion object {
+        val masterKeyAlias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC)
+        val okHttpClient: OkHttpClient = OkHttpClient.Builder().build()
+        const val ENC_KEY = "ENCRYPT_KEY"
+        const val PREFS_FILENAME = "ENCRYPTED_PREFS"
+
+        const val ENCRYPTED_FILE_NAME = "ENCRYPTED_FILE_NAME"
+        const val FILE_URL =
+            "https://raw.githubusercontent.com/stramek/Android-Security-Playground/master/README.md"
+    }
+}

app/src/main/res/drawable-v24/ic_launcher_foreground.xml

@@ -0,0 +1,34 @@
+<vector xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:aapt="http://schemas.android.com/aapt"
+    android:width="108dp"
+    android:height="108dp"
+    android:viewportWidth="108"
+    android:viewportHeight="108">
+    <path
+        android:fillType="evenOdd"
+        android:pathData="M32,64C32,64 38.39,52.99 44.13,50.95C51.37,48.37 70.14,49.57 70.14,49.57L108.26,87.69L108,109.01L75.97,107.97L32,64Z"
+        android:strokeWidth="1"
+        android:strokeColor="#00000000">
+        <aapt:attr name="android:fillColor">
+            <gradient
+                android:endX="78.5885"
+                android:endY="90.9159"
+                android:startX="48.7653"
+                android:startY="61.0927"
+                android:type="linear">
+                <item
+                    android:color="#44000000"
+                    android:offset="0.0" />
+                <item
+                    android:color="#00000000"
+                    android:offset="1.0" />
+            </gradient>
+        </aapt:attr>
+    </path>
+    <path
+        android:fillColor="#FFFFFF"
+        android:fillType="nonZero"
+        android:pathData="M66.94,46.02L66.94,46.02C72.44,50.07 76,56.61 76,64L32,64C32,56.61 35.56,50.11 40.98,46.06L36.18,41.19C35.45,40.45 35.45,39.3 36.18,38.56C36.91,37.81 38.05,37.81 38.78,38.56L44.25,44.05C47.18,42.57 50.48,41.71 54,41.71C57.48,41.71 60.78,42.57 63.68,44.05L69.11,38.56C69.84,37.81 70.98,37.81 71.71,38.56C72.44,39.3 72.44,40.45 71.71,41.19L66.94,46.02ZM62.94,56.92C64.08,56.92 65,56.01 65,54.88C65,53.76 64.08,52.85 62.94,52.85C61.8,52.85 60.88,53.76 60.88,54.88C60.88,56.01 61.8,56.92 62.94,56.92ZM45.06,56.92C46.2,56.92 47.13,56.01 47.13,54.88C47.13,53.76 46.2,52.85 45.06,52.85C43.92,52.85 43,53.76 43,54.88C43,56.01 43.92,56.92 45.06,56.92Z"
+        android:strokeWidth="1"
+        android:strokeColor="#00000000" />
+</vector>