I am working in one of my android project in which I have used Shared preference. Recently I found that you can see Shared preference values if you root your device. so basically Shared preference is not secure any more. can anyone suggest me what is the best way to encrypt/decrypt Shared preference values? if there any good libraries? I have seen many solutions to encrypt/decrypt Shared preference but no one looks secure. Any suggestions please?
Asked
Active
Viewed 3,462 times
7
-
2This library : https://github.com/scottyab/secure-preferences helped me achieve what you are looking for. – Smashing Aug 27 '15 at 13:38
-
I'm curious what it is that you're storing in SharedPreferences that needs protection from rooted devices? – adelphus Aug 27 '15 at 13:40
-
Thanks @Smashing. This is much usable library. thanks for your answer. – Hitesh Kamani Aug 27 '15 at 13:41
-
2I have to store some IDs which are of 5 to 10 characters long. And I don't think it is wise to use some other storage ways like SQLite Database or files. – Hitesh Kamani Aug 27 '15 at 13:43
-
You can't protect your device or app from root. On that note, EncryptedSharedPreferences does **not** protect against root. It stores the encryption key in the KeyStore which root has access to. Once an attacker has root, its game over. – Jul 01 '22 at 20:56
1 Answers
-2
The data can be accessed and manipulated by any App. But you have to consider that only a very small percentage (I guess under 1-2%, but there is no reliable data on the interweb) of devices are rooted and if a user roots his device he/she deliberately leaves himself vulnerable. This is not an Android system setting, if you root, you are responsible for the consequences. Click the Link Hope this link will help you.
-
1That is what I want to secure my shared preference data even on rooted device. – Hitesh Kamani Aug 27 '15 at 13:38
-
5its not about the user being vulnerable, its about his apps data getting compromised by the user who rooted – tyczj Aug 27 '15 at 13:45