3

So, I'm interested in obfuscating the SharedPreferences xml file of my app, much like Android LVL does to obfuscate it's license cahce data. Would this be conceivable? Plenty of google-digging has yielded little results that might address my question. And I'm certainly no cryptologist.

What about other forms of encryption? My end goal isn't to try making the xml bulletproof, I just want to block out the lower 90% of people who would refrain from messing around with it if it's not in plain text.

arkon
  • 2,209
  • 3
  • 27
  • 36

5 Answers5

3

How about obfuscating the keys and values stored in the preference-XML?

I made a wrapper for the shared preferences which encrypt both keys and values: https://github.com/sveinungkb/encrypted-userprefs

Sveinung Kval Bakken
  • 3,715
  • 1
  • 24
  • 30
3

Don't believe this is possible, not without major modifications (possibly write your own Preferences implementation), and I couldn't even begin to think about how you would persuade Android to load from your Preferences implementation.

The default SharedPreferences implementation isn't replaceable as far as I can tell: if you need to encrypt something do what LVL does and either encrypt the value you write to the SharedPreferences XML, or create your own entirely encrypted file and manage it on disk yourself.

Femi
  • 64,273
  • 8
  • 118
  • 148
  • I was afraid that was the answer I was going to get, but thank you very much at least it's clarified for me now. – arkon Apr 29 '11 at 05:32
2

I've created a SharedPreferences implementation using AES encryiption. The project is a maven module. If you need one, take a look. https://github.com/kovmarci86/android-secure-preferences

Marcell
  • 973
  • 1
  • 6
  • 13
2

Can you not use a scheme to change the data in some mannner so as to render it incomprehensible to most people? I can suggest one way. First, use fixed size string so that it does not change length with the data being saved. Next, you can apply some simple function to swizzle the bytes and offset each byte. So the end result will still be a string but it will make it hard for someone normal to figure out what it is, though a person bent on cracking it can succeed.

Edunik
  • 21
  • 1
0

what you can do is.. wrap the sharedpreferences with your own method.. and avoid use your method name such as "Encrypt" "Decrypt" "String" etc.. because the proguard wont obfuscate the word..

here for example https://github.com/afiqiqmal/ConcealSharedPreference-Android

ZeroOne
  • 8,996
  • 4
  • 27
  • 45