Building a Signing Server

December 18, 2017

The Android APK signing model sets the expectation that the signing key will be the same for the entire lifetime of the app. That can be seen in the …

Building the most private app store

June 2, 2016

App stores can work well without any tracking at all Attackers are increasingly seeing app stores as a prime attack vector, whether it is aimed at the …

How to Migrate Your Android App’s Signing Key

December 29, 2015

It is time to update to a stronger signing key for your Android app! The old default RSA 1024-bit key is weak and officially deprecated. What? The …

Introducing TrustedIntents for Android

July 30, 2014

Following up on our research on secure Intent interactions, we are now announcing the first working version of the TrustedIntents library for Android. …

Security in a thumb drive: the promise and pain of hardware security modules, take one!

March 28, 2014

Hardware Security Modules (aka Smartcards, chipcards, etc) provide a secure way to store and use cryptographic keys, while actually making the whole …

Integrating Crypto Identities with Android

December 28, 2013

ver the past couple of years, Android has included a central database for managing information about people, it is known as the ContactsContract …

Keys, signatures, certificates, verifications, etc. What are all these for?

December 12, 2013

For the past two years, we have been thinking about how to make it easier for anyone to achieve private communications. One particular focus has been …

Getting keys into your keyring with Gnu Privacy Guard for Android

December 6, 2013

Now that you can have a full GnuPG on your Android device with Gnu Privacy Guard for Android, the next step is getting keys you need onto your device …

On Verifying Identity Using Cryptography

March 19, 2012

One of the most important uses of cryptography these days is verifying the identity of the other side of a digital conversation. That conversation …