Upwardly Mobile – API & App Security News

Podcast Description
Dive into the high-stakes world of mobile app development and API security with Upwardly Mobile, your ultimate guide to defending apps in today’s volatile digital landscape. Hosted by Skye Macintyre and George McGregor, and proudly sponsored by Approov, the leaders in mobile app attestation and API security, this podcast unpacks the evolving threats and innovative solutions shaping mobile security. Explore why the built-in protections from tech giants like Apple, Google, and Huawei often fall short, leaving sensitive data vulnerable. Learn how advanced techniques, like runtime attestation and dynamic API security, thwart attackers and secure your app ecosystem. Each episode delivers insights into major data breaches, emerging trends, and actionable strategies to fortify your apps and APIs against ever-advancing cyber threats. From development best practices to navigating compliance and regulation, Upwardly Mobile equips mobile developers, security professionals, and tech enthusiasts with the knowledge to safeguard their creations. Stay informed, stay secure, and stay ahead with expert guidance on the future of mobile cybersecurity. Subscribe now on Spotify and Apple Podcasts, and elevate your security game!
Podcast Insights
Content Themes
The podcast covers topics such as mobile app security, API vulnerabilities, compliance with regulations like HIPAA and GDPR, and the implications of tech giants' app store policies. Example episodes include detailed discussions on the risks of mobile spyware like Pegasus, the impact of China’s app distribution regulations, and effective strategies for securing financial apps against data breaches.

Upwardly Mobile
Episode Title: The Good, The Bad, and The Ugly in Mobile Encryption
In this episode of Upwardly Mobile, hosted by George & Skye and sponsored by Approov, we dive deep into the crucial world of encryption algorithms for mobile app developers. Protecting user data is paramount for trust, compliance, and preventing breaches, but navigating the landscape of encryption can be challenging. We break down algorithms into three categories: The Good, The Bad, and The Ugly, discussing which ones to use, which to avoid, and learning from past failures.
Episode Summary: Encryption is non-negotiable in mobile development, affecting data security, privacy, and compliance. Choosing the right algorithm is critical, as not all are created equal.
The Good: We highlight modern, reliable encryption algorithms essential for mobile applications.
- AES (Advanced Encryption Standard): The industry standard for symmetric encryption. AES-256 is recommended for its strength, performance, and flexibility. Use it in AES-GCM mode, which provides confidentiality and integrity/authenticity in one operation; the 96-bit nonce must be fresh for every message, because a repeated nonce under the same key breaks GCM's authentication. Modern mobile CPUs have hardware acceleration (the ARMv8 Cryptography Extensions on phone SoCs, AES-NI on x86), making it very fast.
- ECC (Elliptic Curve Cryptography): The modern choice for asymmetric cryptography, particularly valuable in mobile environments with limited resources. ECC offers robust security with significantly smaller key lengths than RSA (a 256-bit curve roughly matches 3072-bit RSA), leading to faster computations, less memory, lower power consumption, and less data transmitted. It’s ideal for secure key exchange (ECDHE in TLS, X25519) and digital signatures (ECDSA on P-256, or Ed25519). Use the standard curves; never choose or tune curve parameters yourself.
- ChaCha20-Poly1305: An excellent AEAD symmetric cipher. It offers security comparable to AES-256-GCM and performs exceptionally well in software, often faster than AES on devices without dedicated hardware acceleration. It’s widely used in TLS 1.3.
- Hashing Algorithms: For integrity checks, use the SHA-2 family (SHA-256, SHA-384, SHA-512) or the newer SHA-3 family. Password storage is a different problem: never store a plain hash of a password, even a SHA-256 one, because fast hashes let an attacker test billions of guesses per second against a leaked database. Use a dedicated, salted password-hashing function that is deliberately slow: Argon2id (current best practice, and memory-hard as well) or bcrypt (slow, though not memory-hard).
- Secure Protocols: Use TLS 1.3 for network communications (HTTPS) wherever client and server support it; it permits only AEAD cipher suites and removes the insecure options earlier versions carried. TLS 1.2 with AEAD suites is the acceptable floor.
- Key Management: Leverage platform-provided secure key storage: the Android Keystore (backed by the TEE, or by a StrongBox secure element on devices that have one) and the iOS Keychain with Secure Enclave-protected keys. Generate keys inside that hardware so the private key never leaves it, rather than creating keys in app code and writing them to storage.
- The Hybrid Approach: The standard practice is to use asymmetric crypto (like ECDHE) to agree a shared secret, run that secret through a key derivation function (HKDF) to get a proper symmetric key, and then use that key with a fast symmetric AEAD cipher (like AES-GCM or ChaCha20-Poly1305) to encrypt the actual application data. This is exactly what a TLS 1.3 handshake does.
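The hybrid pattern described above, as an added example in Go; this is not code from the podcast or from Approov. Both sides generate ephemeral X25519 keys, the shared secret goes through HKDF-SHA256 to produce an AES-256 key, and AES-GCM seals the request with a fresh random nonce and the request line as associated data. Go is used because its standard library carries every primitive the episode recommends (crypto/ecdh, crypto/aes, crypto/cipher, crypto/hmac); in a shipping app the same shape is built from the platform APIs, with the private key generated inside the Keystore or Secure Enclave rather than in process memory. The context label and the payload are made up for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// hkdfSHA256Key is HKDF-Extract (zero salt) plus one block of HKDF-Expand, enough
// for one 32-byte key; a raw ECDH secret is not uniformly random, so it needs a KDF.
func hkdfSHA256Key(ikm, info []byte) []byte {
	ext := hmac.New(sha256.New, make([]byte, sha256.Size))
	ext.Write(ikm)
	exp := hmac.New(sha256.New, ext.Sum(nil)) // the PRK keys the expand step
	exp.Write(info)
	exp.Write([]byte{1})
	return exp.Sum(nil)
}

// sharedKey is the asymmetric half: X25519 agreement with the peer's public
// key, then the KDF. Both sides reach the same key from opposite inputs.
func sharedKey(priv *ecdh.PrivateKey, peerPub *ecdh.PublicKey, info []byte) ([]byte, error) {
	secret, err := priv.ECDH(peerPub)
	if err != nil {
		return nil, err
	}
	return hkdfSHA256Key(secret, info), nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal is the symmetric half: AES-256-GCM with a fresh 96-bit nonce from the OS
// CSPRNG, prepended to the ciphertext. A nonce must never repeat under one key.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open verifies the GCM tag before releasing any plaintext: a modified
// ciphertext, a wrong key or a wrong AAD yields an error, not garbage.
func open(key, msg, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(msg) < gcm.NonceSize() {
		return nil, fmt.Errorf("message too short")
	}
	return gcm.Open(nil, msg[:gcm.NonceSize()], msg[gcm.NonceSize():], aad)
}

// roundTrip runs the exchange end to end: app and server each generate an ephemeral
// X25519 key pair, agree on a key, the app seals a message and the server opens it.
func roundTrip(plaintext, aad []byte) ([]byte, error) {
	appPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	srvPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	info := []byte("upwardly-mobile demo v1") // hypothetical context label
	appKey, errA := sharedKey(appPriv, srvPriv.PublicKey(), info) // app side
	srvKey, errS := sharedKey(srvPriv, appPriv.PublicKey(), info) // server side
	if errA != nil || errS != nil {
		return nil, fmt.Errorf("key agreement failed")
	}
	msg, err := seal(appKey, plaintext, aad)
	if err != nil {
		return nil, err
	}
	return open(srvKey, msg, aad)
}

func main() {
	got, err := roundTrip([]byte(`{"amount":100}`), []byte("POST /v1/transfer")) // constructed sample
	if err != nil {
		panic(err)
	}
	fmt.Printf("server recovered: %s\n", got)
}
```

Run it with `go run`. The point to take from `open` is the one the episode keeps returning to: decryption and integrity checking are a single operation, so a flipped ciphertext byte or a mismatched request line produces an error rather than a silently corrupted payload. Two things the example deliberately leaves out are authentication of the public keys themselves (knowing who you agreed a key with, which is what certificates do in TLS) and nonce management under a long-lived key, where random 96-bit nonces are safe only for a bounded number of messages before the key should be rotated.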
The Bad: Certain algorithms are outdated, inefficient, or have known vulnerabilities and should be avoided at all costs.
- DES (Data Encryption Standard): Long obsolete with a small 56-bit key size, easily cracked with modern hardware. Completely insecure.
- 3DES (Triple DES): An improvement on DES, but its 64-bit block size exposes long sessions to the Sweet32 birthday attack, its effective strength is only about 112 bits, NIST has retired it from approved use, and it is far slower than AES.
- RC4: A stream cipher with well-documented keystream biases that allow plaintext recovery. RFC 7465 prohibited it in every TLS version in 2015, and TLS 1.3 never included it.
- MD5 & SHA-1: Broken for any use that relies on collision resistance (digital signatures, certificates, signed manifests) because practical collision attacks exist. They are also wrong for password hashing, though for a different reason: they are fast, which favours the attacker. Use SHA-2 or SHA-3 for integrity and a dedicated password hash (Argon2id or bcrypt) for credentials.
- CBC Mode without MAC: AES-CBC on its own provides no integrity. Without a MAC computed over the ciphertext (encrypt-then-MAC), an attacker can flip chosen plaintext bits by modifying the IV or the preceding ciphertext block, and the receiver's padding check becomes a padding oracle (the class of attack behind POODLE). AEAD modes like GCM or ChaCha20-Poly1305 authenticate the ciphertext so tampering is rejected before any plaintext is released.
- ECB Mode (Electronic Codebook): Never use it for more than one block of data. Each block is encrypted independently, so identical plaintext blocks produce identical ciphertext blocks and the structure of the data shows through in the ciphertext.
- Older Protocols: SSLv2, SSLv3, TLS 1.0, and TLS 1.1 have known vulnerabilities (POODLE against SSLv3, BEAST against TLS 1.0's CBC suites) and are formally deprecated. Use TLS 1.2 as the minimum and strongly prefer TLS 1.3.
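The two mode failures in the list above, ECB pattern leakage and bit-flipping against unauthenticated CBC, as an added example in Go; this is not code from the podcast or from Approov. The key and the payloads are constructed for the demonstration, and padding is deliberately skipped by insisting on whole 16-byte blocks so that the behaviour of the modes is the only thing on show.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// blockFor builds the AES cipher and insists on whole blocks (no padding in this example).
func blockFor(key, data []byte) (cipher.Block, error) {
	if len(data) == 0 || len(data)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("data must be a non-zero multiple of %d bytes", aes.BlockSize)
	}
	return aes.NewCipher(key)
}

// ecbEncrypt runs the block cipher over each block independently. Go's
// standard library deliberately ships no ECB mode; this loop is all it is.
func ecbEncrypt(key, pt []byte) ([]byte, error) {
	block, err := blockFor(key, pt)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(pt))
	for i := 0; i < len(pt); i += aes.BlockSize {
		block.Encrypt(out[i:i+aes.BlockSize], pt[i:i+aes.BlockSize])
	}
	return out, nil
}

// repeatedBlocks counts ciphertext blocks seen earlier in the same message. Under ECB
// equal plaintext blocks give equal ciphertext blocks, so any count above zero is a leak.
func repeatedBlocks(ct []byte) int {
	seen, dup := map[string]bool{}, 0
	for i := 0; i+aes.BlockSize <= len(ct); i += aes.BlockSize {
		k := string(ct[i : i+aes.BlockSize])
		if seen[k] {
			dup++
		}
		seen[k] = true
	}
	return dup
}

// cbcEncrypt returns iv || ciphertext with no MAC: confidentiality only.
func cbcEncrypt(key, pt []byte) ([]byte, error) {
	block, err := blockFor(key, pt)
	if err != nil {
		return nil, err
	}
	msg := make([]byte, aes.BlockSize+len(pt))
	if _, err := rand.Read(msg[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, msg[:aes.BlockSize]).CryptBlocks(msg[aes.BlockSize:], pt)
	return msg, nil
}

// cbcDecrypt has no way to tell a genuine message from a modified one.
func cbcDecrypt(key, msg []byte) ([]byte, error) {
	if len(msg) < 2*aes.BlockSize {
		return nil, fmt.Errorf("message too short")
	}
	block, err := blockFor(key, msg[aes.BlockSize:])
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(msg)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, msg[:aes.BlockSize]).CryptBlocks(out, msg[aes.BlockSize:])
	return out, nil
}

// flipIV is the bit-flipping attack on unauthenticated CBC: the first plaintext block is
// D(C1) XOR IV, so knowing plaintext byte i lets an attacker rewrite it via IV[i] ^= from^to.
func flipIV(msg []byte, i int, from, to byte) []byte {
	out := append([]byte(nil), msg...)
	out[i] ^= from ^ to
	return out
}

// demo runs both failures and returns the repeated ECB block count and the forged CBC plaintext.
func demo() (int, string, error) {
	key := make([]byte, 32) // all-zero demo key: constructed for the example only
	ecbCT, err := ecbEncrypt(key, []byte("balance=0000.00;balance=0000.00;balance=0000.00;"))
	if err != nil {
		return 0, "", err
	}
	msg, err := cbcEncrypt(key, []byte("admin=0;user=alice;plan=premium!")) // constructed, 32 bytes
	if err != nil {
		return 0, "", err
	}
	pt, err := cbcDecrypt(key, flipIV(msg, 6, '0', '1')) // attacker edits IV byte 6 in transit
	if err != nil {
		return 0, "", err
	}
	return repeatedBlocks(ecbCT), string(pt), nil
}

func main() {
	dup, pt, err := demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("ECB repeated blocks: %d; CBC plaintext after IV flip: %q\n", dup, pt)
}
```

`demo` reports two repeated blocks for three identical records under ECB (an observer sees the records are identical without knowing the key), and returns `admin=1;user=alice;plan=premium!` from a message that was encrypted as `admin=0;...`: the receiver decrypts the forged message without any error, because CBC without a MAC has no notion of integrity at all. With padding in play the receiver's padding check additionally leaks one bit per guess, which is the padding-oracle variant. The fix is not to bolt a MAC onto this code by hand but to use an AEAD mode from the "Good" list.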
The Ugly: Some cryptographic failures stem from inherent flaws, flawed implementations, or real-world exploits.
- MD5 & SHA-1: Both suffered practical collision attacks, MD5 in 2004 and SHA-1 with the SHAttered collision in 2017; any signature or certificate scheme still built on them can be forged.
- WEP (Wired Equivalent Privacy): A notorious failure in wireless network security. It layered RC4 over a 24-bit IV that repeats quickly on a busy network, and its key can be recovered in minutes from captured packets with freely available tools.
- Implementation Errors: This is where most real failures occur. Examples include hardcoded keys in the app binary (trivially extracted by decompiling), weak or predictable random number generation, reused nonces or IVs, insecure key storage (plaintext in preferences/files), missing or disabled certificate validation (allowing MitM attacks), and accepting protocol downgrades.
- Rolling Your Own Crypto: Unless you are an expert cryptographer, do not invent your own algorithms or protocols; stick to well-vetted standards and libraries.
- Library Vulnerabilities: Bugs in crypto libraries can be devastating. Heartbleed (CVE-2014-0160) was a buffer over-read in OpenSSL's TLS heartbeat extension that let any client read chunks of server memory, private keys included, without breaking a single cipher. Keep libraries updated and track their security advisories.
- Side-Channel Attacks: Exploit information leaked by the physical implementation (timing, power consumption, cache behaviour) rather than weaknesses in the algorithm. The practical defence is to use constant-time primitives from a vetted library and constant-time comparison for MACs and tokens, never an ordinary string compare.
The Future: Post-Quantum Cryptography (PQC): With the potential advent of large-scale quantum computers, current public-key algorithms like RSA and ECC would be broken outright (Shor's algorithm), whereas symmetric ciphers and hashes only lose some security margin and AES-256 is already considered adequate.
- NIST Standardization: Proactive research is ongoing to develop PQC algorithms resistant to quantum attacks. NIST finalised the first standards in August 2024: ML-KEM (CRYSTALS-Kyber) for key establishment (FIPS 203), ML-DSA (CRYSTALS-Dilithium) for digital signatures (FIPS 204), and SLH-DSA (SPHINCS+), a hash-based signature scheme kept as a conservative alternative (FIPS 205). HQC was selected as an additional KEM standard in March 2025.
- What This Means for Developers: Awareness is key. There is no need to panic, as mature library and platform support will take time, but plan for crypto-agility now: keep algorithm choices behind an interface, version your protocol messages, and avoid hardcoding key or signature sizes so algorithms can be swapped without an app rewrite. Key establishment migrates first, because traffic recorded today can be decrypted later once a quantum computer exists, while a signature only has to hold at the moment it is verified. Expect larger keys and signatures and measure the effect on bandwidth and battery. Stay informed.
Key Takeaways: Prioritise strong, efficient, and widely-supported standards like AES-256 and ECC. Phase out vulnerable algorithms like DES, 3DES, and RC4. Avoid disastrous failures like MD5 and WEP. Use secure protocols like TLS 1.3. Manage keys securely using platform features. Learn from the ‘Ugly’ examples and avoid implementation pitfalls. Stay informed about post-quantum encryption to prepare for the future.
Keywords: mobile app security, encryption algorithms, AES, ECC, ChaCha20-Poly1305, TLS 1.3, SHA-2, SHA-3, Argon2, bcrypt, DES, 3DES, RC4, MD5, SHA-1, WEP, PQC, Post-Quantum Cryptography, CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+, HQC, app attestation, API protection, mobile development, cybersecurity, data security, cryptography.
Learn more about the sponsor, Approov: https://approov.io/

Disclaimer
This podcast’s information is provided for general reference and was obtained from publicly accessible sources. The Podcast Collaborative neither produces nor verifies the content, accuracy, or suitability of this podcast. Views and opinions belong solely to the podcast creators and guests.
For a complete disclaimer, please see our Full Disclaimer on the archive page. The Podcast Collaborative bears no responsibility for the podcast’s themes, language, or overall content. Listener discretion is advised. Read our Terms of Use and Privacy Policy for more details.