The Android platform nowadays has a secure [keystore](https://developer.android.com/privacy-and-security/keystore), which is locked to the TEE (trusted execution environment) on phones where it is available. Notably, the TEE part is only used if the hardware supports it. This implies the existence of a software-backed keystore that doesn't use a TEE. I've been able to confirm the validity of this notion, as on WayDroid on Linux, /data/misc/keystore holds an actual keystore.
I'm an avid tinkerer, so I always have a bootloader-unlocked/rooted phone, and I've hit a few situations where backing up apps and restoring them on a different phone, or even the same phone after wiping all the other data, has caused them to stop functioning, due to them being unable to decrypt the keys. This is an absolute deal breaker to me, as I strongly believe that my ability to own my data supersedes any means of security.
This is why, as there seemingly is no way to extract keys from a TEE, I'm looking for a way to *force* Android to use a software keystore, such that /data/misc/keystore can be moved around to different phones and used to decrypt any apps. I want to do this through any means necessary, which includes the possibility of developing a Magisk module or patching the ROM directly, in order to get this functionality. I just need to know where to look.
In the event where it matters, the ROM I'm currently using is crDroid, which integrates KernelSU as its root solution, rather than Magisk.
Asked by mid_kid
(101 rep)
Oct 23, 2024, 07:22 PM
Last activity: Nov 30, 2024, 05:14 PM
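As an added example that is not part of the question above: the distinction the question draws (TEE-backed key vs. software fallback) can be read back per key from the platform keystore itself, which is what a backup or migration tool would want to know before assuming a key survives a move. The alias name and the AES key parameters are assumptions for the illustration; the API calls are the public `android.security.keystore` ones.

```java
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;

import java.security.KeyStore;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;

public final class KeystoreBackingCheck {

    private static final String PROVIDER = "AndroidKeyStore";

    /** Generates an AES-GCM key under the given alias (alias is an assumed example value). */
    public static SecretKey generateAesKey(String alias) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, PROVIDER);
        kg.init(new KeyGenParameterSpec.Builder(alias,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .build());
        return kg.generateKey();
    }

    /** Reports where the key material for `alias` actually lives: TEE, StrongBox or software. */
    public static String describeBacking(String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance(PROVIDER);
        ks.load(null);
        SecretKey key = (SecretKey) ks.getKey(alias, null);
        if (key == null) return "no key with alias " + alias;

        // KeyInfo is the only way to query keystore metadata; the key bytes themselves never leave the keystore.
        SecretKeyFactory factory = SecretKeyFactory.getInstance(key.getAlgorithm(), PROVIDER);
        KeyInfo info = (KeyInfo) factory.getKeySpec(key, KeyInfo.class);

        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
            // Android 12+ exposes the exact security level.
            switch (info.getSecurityLevel()) {
                case KeyProperties.SECURITY_LEVEL_STRONGBOX:          return "StrongBox (dedicated secure element)";
                case KeyProperties.SECURITY_LEVEL_TRUSTED_ENVIRONMENT: return "TEE";
                case KeyProperties.SECURITY_LEVEL_UNKNOWN_SECURE:      return "secure hardware (type not reported)";
                case KeyProperties.SECURITY_LEVEL_SOFTWARE:            return "software keystore";
                default:                                               return "unknown";
            }
        }
        // Older releases only expose a boolean.
        return info.isInsideSecureHardware() ? "secure hardware" : "software keystore";
    }
}
```

On a device without a TEE-backed Keymaster (the WayDroid case mentioned in the question) the result is "software keystore", which is exactly the class of key that a copied /data/misc/keystore could plausibly serve; a TEE or StrongBox result means the key material is bound to that specific hardware.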