Evaluation of Cryptographic Capabilities for the Android Platform

  • David González
  • Oscar EsparzaEmail author
  • Jose L. Muñoz
  • Juanjo Alins
  • Jorge Mata
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 523)


Future networks will be formed by millions of devices, many of them mobile, sharing information and running applications. Android is currently the most widely used operating system in smartphones, and it is becoming more and more popular in other devices. Providing security to these mobile devices and applications is a must for the proper deployment of future networks. For this reason, this paper studies the cryptographic structure and built-in tools in Android, and shows that the operating system has been specially designed for plugging-in external cryptographic modules. We conclude that the best option for providing cryptographic capabilities is using these external modules. We show the existent options and compare some features, like licensing, source code availability and price. We define some requirements, evaluate each module, and provide guidelines for developers who want to use properly security primitives.


Mobile Device Source Code Outlier Measure Cryptographic Algorithm Android Application 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



This work was supported partially by the Spanish Research Council with Project SERVET TEC2011-26452, and by Generalitat de Catalunya with Grant 2014-SGR-1504 and 2014-SGR-375 to consolidated research groups.


  1. 1.
    Android Git repositories.
  2. 2.
    Bouncy Castle repository. Android Git repositories.
  3. 3.
    Abusharekh, A.: Comparative Analysis of Multi-Precision Arithmetic Libraries for Public Key Cryptography. Ph.D. thesis, George Mason University, Washington, DC (2004)Google Scholar
  4. 4.
    Bingmann, T.: Speedtest and comparsion of open-source cryptography libraries and compiler flags.
  5. 5.
    Campione, M., Walrath, K., Huml, A.: The Java Tutorial: A Short Course on the Basics, 3rd edn. Addison-Wesley Longman Publishing Co., Inc., Boston (2000)Google Scholar
  6. 6.
    Carroll, A., Heiser, G.: An analysis of power consumption in a smartphone. In: Proceedings of the 2010 USENIX Conference on USENIX Annual Technical Conference, USENIXATC 2010, pp. 21–21. USENIX Association, Berkeley (2010)Google Scholar
  7. 7.
    eMarketer Inc.: 2 billion consumers worldwide to get smartphones by 2016 (2014).
  8. 8.
    Enck, W., Octeau, D., McDaniel, P., Chaudhuri, S.: A study of android application security. In: Proceedings of the 20th USENIX Conference on Security, SEC 2011, pp. 21–21. USENIX Association, Berkeley (2011)Google Scholar
  9. 9.
    Enck, W., Ongtang, M., McDaniel, P.: Understanding android security. IEEE Secur. Priv. 7(1), 50–57 (2009)CrossRefGoogle Scholar
  10. 10.
    Institute for Applied Information Processing and Communication. Gratz University of Technology. Core Crypto Toolkits.
  11. 11.
    Free Software Foundation. The GNU Crypto project.
  12. 12.
    Goasduff, L., Rivera, J.: Gartner says smartphone sales surpassed one billion units in 2014 (2015).
  13. 13.
    Jones, C.: Google Play catching up to Apple’s App Store (2013).
  14. 14.
    Laverty, J.P., Wood, D.F., Kohun, F.G., Turchek, J.: Comparative analysis of mobile application development and security models. Issues Inf. Syst. 12(1), 301–312 (2011)Google Scholar
  15. 15.
    Nightingale, J.S.: Comparative analysis of Java cryptographic libraries for public key cryptography (2006).
  16. 16.
    The Legion of Bouncy Castle. Boncy Castle.
  17. 17.
    Research Group of Prof. Dr. Johannes Buchmann. FlexiProvider.
  18. 18.
    Android Open Source Project. BigInteger class, Android API.
  19. 19.
    Android Open Source Project. Crypto Provider, Android platform ‘libcore’ repository. Android Git repositories.
  20. 20.
    Android Open Source Project. package, Android API.
  21. 21.
    Android Open Source Project. JSSE Provider, Android platform ‘conscrypt’ repository. Android Git repositories.
  22. 22.
    Android Open Source Project. OpenSSL Provider, Android platform ‘conscrypt’ repository. Android Git repositories.
  23. 23.
    Android Open Source Project. OpenSSL repository. Android Git repositories.
  24. 24.
  25. 25.
    Android Open Source Project. Processes and threads.
  26. 26.
    Android Open Source Project. Android Developers (2014).
  27. 27.
    The Cryptix Project. Cryptix.
  28. 28.
    Ragnarsson, L.: The logi.crypto Java package.
  29. 29.
    Shabtai, A., Fledel, Y., Kanonov, U., Elovici, Y., Dolev, S., Glezer, C.: Google android: a comprehensive security assessment. IEEE Secur. Priv. 8(2), 35–44 (2010)CrossRefGoogle Scholar
  30. 30.
    National Institute Standards and Technology. Cryptographic Toolkit.
  31. 31.
    Roberto Tyley. SpongyCastle.
  32. 32.
    Viega, J., Chandra, P., Messier, M.: Network Security with Openssl, 1st edn. O’Reilly & Associates Inc., Sebastopol (2002)Google Scholar
  33. 33.
    Walker, M.A.: Standard method of evaluating cryptographic capabilities and efficiency for devices with the Android platform (2010).

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • David González
    • 1
  • Oscar Esparza
    • 1
    Email author
  • Jose L. Muñoz
    • 1
  • Juanjo Alins
    • 1
  • Jorge Mata
    • 1
  1. 1.Network Engineering DepartmentUniversitat Politècnica de CatalunyaBarcelonaSpain

Personalised recommendations