Protecting locally stored data is paramount for any secure messaging application, particularly for those like Threema, which intentionally avoids server-side storage. This commitment to user privacy ensures that message content and sensitive information reside solely on users’ devices, eliminating the risks associated with centralized data storage.
On Android devices, the Keystore is the system-level facility for the secure management of cryptographic keys. Threema stores its data in an app-specific directory within the system's internal storage, so Android's sandboxing isolates that data and prevents other applications from accessing it. This foundational layer of security is complemented by the encryption of all stored data, which renders it unreadable without the appropriate key, even if unauthorized access occurs at the file level.
Where to store the key?
The effectiveness of encryption hinges on the safeguarding of its key. A compromised key can nullify even the most sophisticated encryption methods. This is where the Android Keystore comes in: it is a central feature of the operating system, designed specifically for the secure generation and storage of cryptographic keys. An app can generate keys within the Keystore without ever having direct access to the raw key material. Instead, the Keystore performs the cryptographic operations internally, so even the Threema app cannot export or read the key once it has been generated. All encryption and decryption tasks are delegated to the Keystore, enhancing security.
Hardware-Backed Security – If Available
A significant advantage of the Android Keystore is its adaptability to various hardware configurations. Many modern devices incorporate dedicated security chips (Secure Elements or similar technologies) that isolate key storage from the rest of the system. In such a hardware-backed Keystore, keys remain protected even if other system components are compromised, making it virtually impossible to read a key from memory. Conversely, older or budget devices typically use a software-backed Keystore, where keys are managed in standard system memory and are therefore more vulnerable to attacks. Threema prioritizes the use of hardware-backed Keystore solutions whenever available.
Passphrase: An Additional Layer of Protection
To further enhance security, Threema for Android provides users with the option to set a passphrase. This additional layer of protection encrypts data before it is transferred to the Keystore, utilizing a key derived from the passphrase. Accessing the data thus requires two factors, significantly bolstering security, especially on devices lacking a hardware-backed Keystore. On such devices, a strong passphrase can serve as a critical defense against potential attacks. However, on devices equipped with dedicated security chips, the inherent protection offered by the Keystore itself may diminish the added security benefit of a passphrase.
In essence, Threema’s approach combines isolated app storage, consistent encryption, secure key management, and the optional use of a passphrase, creating a multi-layered protection strategy that adapts to the security capabilities of each device.