This Encryption Tool Is So Secret It Hides the Fact It Even Exists

You launch it by dialing a secret number, as if you were making a phone call.
Hiding in plain sight. Image: Flickr/Several Seconds

For all the talk of data encryption on cell phones lately, there's one part that's been overlooked: How is law enforcement going to decrypt files they don't know exist in the first place?

That's the impetus behind DroidStealth, a new Android app that not only encrypts your data, but hides its existence on your phone altogether.

The program works by storing your encrypted files in a hidden folder it creates. The program itself can be opened by entering a PIN of any length using your smartphone's dialer program, as if you were making a phone call. A separate encryption key is required to decrypt your files.

The program can also be set up as an invisible widget on your phone's home screen, which must be tapped five times before it'll pop up. It can also masquerade as another app, which sits in the app folder as any other app would. The team considered several other disguise techniques, such as hiding the app within a flashlight program.

It's worth pointing out before we get too far into this that DroidStealth is not going to hold up to an intense investigation from the FBI or another law enforcement agency. It's very difficult to hide large caches of files, and it's difficult to completely hide the fact that the program exists on the phone from someone who is doing an entire stripdown of the phone, as law enforcement would presumably do if you were arrested for a crime.

But for a "casual search," say if you're merely harassed by the police, or if you lose your phone and some stranger wants to rifle through it, or you're a protester in a country that has terrible free speech laws, then DroidStealth seems like a godsend.

"A first idea was to disguise the application as an inconspicuous, normal application, we thought about using a calculator program," Alex Walterbos, a student and developer at the Delft University of Technology in the Netherlands, told me. "We moved on from this idea because it could become a known property of the application and would be easy to search for."

The team, which grew out of a class called "hacking labs," was faced with a few constraints. Namely, they wanted to create a program that could be used on a phone without rooting it; rooting gives access to critical phone functions and is usually done only by expert users. The aim here, in part, was to make the program safe and accessible to casual users.

"DroidStealth's inspiration originates from the citizen journalism that played a significant role in the Arab Spring," the team wrote in a paper describing the program. "People dealing with an oppressive society was chosen as a worst case scenario."

There's been much talk about data encryption on smartphones over the past few months. As iOS and Android have moved to encrypt phone storage by default, groups such as the FBI and the Justice Department have shaken their fists at it, imploring Apple and Google to build in backdoors to allow law enforcement to access the data anyway. DroidStealth doesn't really add any new levels of security (the FBI is already having trouble cracking Apple and Google's default encryption). But it does offer security by obscurity: If you're searched at the airport and it's obvious that you have encrypted files, that's often enough to land you in hot water.

"Using encryption technology on your smartphone may raise suspicion. We present a tool which goes beyond encrypting sensitive data: It obfuscates the data, and itself," the team wrote.

The main hangup, at the moment, is that if someone searching your phone thinks to search your settings folder or go deep into your phone's storage, they will be able to tell that DroidStealth is installed, theoretically blowing your cover—assuming they know what to look for.

The team's adviser, Johan Pouwelse, says this work comes out of more than 10 years studying security and encryption, and he said that the app is merely a start.

"This is not an isolated project," he told me. "Another fresh team will start next week further expanding on this work."