Design And Implementation Of Android Mobile Password Manager

In today's Internet age,mobile devices are becoming more widely used.Android operating system as the most popular mobile operating system,continue to consolidate and expand their market share.Regardless of the global or domestic,Android system accounts for more than 50% of the mobile device system,China is now as high as 80%or more.Millions of apps are available for download,which greatly facilitates people's lives.In many Android mobile applications,the password manager application is relatively small and not widely used,but a safe and concise password manager software can help the user to manage many complicated passwords and avoid the user to remember a large number of passwords.So the market prospect is huge.This article first introduced the basic characteristics of the Android operating system and analyzes the current market presence of various Android password managers' performances,advantages and disadvantages.Second,based on the application development point of view,describes a variety of technologies which are used to realize an Android password manager in detail.In order to solve various security problems existing in the current password manager,this paper proposes corresponding solutions:1.Aiming at the hidden trouble of information input by unsafe third-party input method,this paper innovatively designs and implements a secure input method embedded in the application,proposes and implements a randomization scheme of keys' layout to increase the the difficulty of keystroke sniffing attack to ensure the security of sensitive information's entry.2.For all Android password manager using the system clipboard to realize the security risks filled with sensitive information,the use of the secure input method of the keyboard directly receives ciphertext information in the database for instant decryption fill information to ensure the security of sensitive information filling.3.For the existence of local data storage loss of data security risks,this paper proposed the user's data stored in the server.For this purpose,a complete client-server system has been set up.The data is stored according to the MySQL access control mechanism to ensure the safe storage of sensitive information.4.According to the security risks of plain text communication between client and server,this paper first builds the inner security communication framework based on HTTP protocol.After the master password is stored on the server by the bcrypt digest algorithm,the symmetric key is transmitted by using the public key algorithm,and the data on the channel is transmitted using the symmetrically encrypted ciphertext.To prevent public keys from being hijacked and tampered during delivery,HTTPS is built by importing self-signed certificates and repackaging Volley requests so that sensitive information is transmitted under tight dual security.In addition,fingerprint authentication is added to the user's operation of the key links.This framework guarantees the secure transfer of sensitive information.The development of the software follows the waterfall flow development model.From the perspective of project implementation,the various modules of the password manager software are analyzed in detail.With the current problems as the orientation,the author focuses on the design of each function module around data security,And through the organic combination and connection between the functional modules to complete a complete set of security systems.