5

I found a similar question here and lots of other articles about securing shared preferences but they all come with a warning that-

The certificate you use as the password or “secret” in your code is deleted if the lock screen method or PIN/Pattern is changed.

This is the library people suggesting to use but it has a lot of unresolved issues like if updating to Android Q they are not able to access data.

And EncryptedSharedPreferences can only be used if Min API is 23 (6.0+).

Can someone please suggest if they've found any reliable way to implement encrypt shared preferences?

Ankit
  • 483
  • 7
  • 24
  • You can have an inhouse encryption/decryption logic. When you save a value to shared pref, encrypt it before saving and while you retrieve a value decrypt it before using it. You can write an independent module that takes care of this. All the shared pref related operations should be routed via that module. – Ezio Jan 10 '20 at 06:37
  • 2
    but that encryption logic is not secure, anyone can reverse code my apk and then decode those keys. – Ankit Jan 10 '20 at 07:10
  • @Ankit Have you found solution? If yes , then please post it. – Kousalya Mar 30 '21 at 09:33
  • 1
    @kousalya I'm using both EncryptedSharedPreferences on SharedPreferences according to device version (21+ ESP and below that SP). Also not encrypting data for older version coz thats too slow. – Ankit Apr 01 '21 at 12:49
  • @Ankit What are you trying to protect against by encrypting SharedPreferences? –  Jul 01 '22 at 21:39

3 Answers3

4

A new version of EncryptedSharedPreferences (https://developer.android.com/reference/kotlin/androidx/security/crypto/EncryptedSharedPreferences.html) has been released, supporting API Level 21+! So if you're using version 1.1.0-alpha01 and higher, you can have minSdk version 21.

So this is what you have to put to your build.gradle(app): androidx.security:security-crypto:1.1.0-alpha01.

Time of typing this, there are newer versions, you can find out more about it here https://developer.android.com/jetpack/androidx/releases/security?authuser=1.

Jakub Kostka
  • 551
  • 2
  • 7
  • 20
-1

For Preference encryption you can use EncryptedSharedPreferences but it provide support from API level 21 (marshmallow).

Below 21 API level you need to encrypt preference data at your end by using AES encryption. Refer below link https://github.com/Naibeck/Android-Security

webaddicted
  • 1,071
  • 10
  • 23
-3

This one is useful for encrypt shared preferences https://developer.android.com/reference/kotlin/androidx/security/crypto/EncryptedSharedPreferences.html

Nensi Kasundra
  • 1,980
  • 6
  • 21
  • 34