When your smartphone caches part of your mobile apps and data onto your SD card, that data's vulnerable: It can be seen by other apps. Facebook's Conceal, a set of Java APIs, will solve the problem for those developers that use them.
"What many people don't realize is that Android's privacy model treats the SD card storage as a publicly accessible directory," Subodh Iyengar, a Facebook developer, wrote in a blog post on Tuesday. "This allows data to be read by any app (with the right permissions). Thus, external storage is normally not a good place to store private information."
Conceal works by "wrapping" whatever data is written to your phone's SD card in a layer of cryptography. Iyengar said that the technology was optimized for performance, so the crypto layer used a subset of cryptographic algorithms from OpenSSL to maximize performance. The software does use AES, however, to generate what's known as a Message Authentication Code to validate the data package and validate that it hasn't been tampered with.
In concept, Conceal provides something similar--but much less robust--to an encrypted store of information, such as the hardened, 256-bit AES encryption applied to a subset of the phone's storage for BYOD technology like Samsung's Knox. It won't replace it, however.
So far, we haven't been able to find a developer who has signed on to use Conceal. But Facebook has made the Conceal technology open-source, so that anyone can jump in and use it--including Facebook itself. Securing your SD card probably isn't on your security to-do list, so this is also a good reality check: Your photos and other digital bits floating around on your phone's card may not be for your eyes only.