Security evaluation of Android Keystore
This thesis was prepared in such a way that anyone – with basic Android and Security knowledge – can understand the problems around the key storage module of Android OS called Android Keystore. Keystore is the secure way of Android for storing the sensitive data of Applications. Most of the use cases are examined – regarding the application of Android Keystore – on AVDs (android Virtual Devices), but a physical machine (Nexus 5) is included as well, with or without TEE (Trusted Execution Environment), for Android versions 5, 6 and 7. The contents and areas included in this thesis are as follows. Chapter one is the introduction chapter. The reader gets familiar with the subjects that this thesis explores, mainly the security in Android Apps. In the second chapter, Security background is analyzed for the reader to understand this thesis. The third chapter is focused on the theoretical approach of Android Keystore vulnerability. Chapter four presents the proof of concept for the Android Keystore vulnerability. Chapter five focus on future work that will be done concerning this vulnerability and conclusions. The whole project was executed on 3 AVDs and 1 physical machine with the following Android versions: Android 5 Lollipop, Android 6 Marshmallow, Android 7 Nougat.