encrypt data in SharedPreferences

android encryption oauth sharedpreferences
37,592

Solution 1

1). How to encrypt?

On Android the encryption is done via Java Cryptography Architecture (JCA). Mainly it is the javax.crypto.* package.

JCA Reference Guide

Here is an example of JCA API usage (AES alrorithm in particular).

2). Where to store?

Encryption API manipulates with byte arrays (not strings). This means you can use SharedPreferences, but you'll need to apply Base-64 encoding on the encrypted byte array before putting it into SharedPreferences (otherwise XML parser will fail to read the shared preferences file). Then to read you will need to use Base-64 decoding. Note that by default most Android OS versions do not have a built in Base-64 API (see UPDATE section). So to remove this Base-64 overhead I would recommend just to store your bytes in a private file.

UPDATE: Since API Level 8, the API has android.util.Base64.

Solution 2

You can also have a look at this class I made for doing exactly this: https://github.com/sveinungkb/encrypted-userprefs

It uses AES instead of the deprecated and weak DES used in the other suggestion.

Solution 3

I would recommend using Facebook Conceal for encryption on Android almost every time - it's a fast Android library that makes some really sane decisions and leaves you with a few, simple interfaces for actually doing the work.

Bonus! I have recently pieced together the puzzle of how you can use it from Xamarin - see my article on securing your C# app's data using conceal for more information.

Solution 4

You should take a look at Slink. I came to realize that most of the SharedPreferences encryption tools use encryption for each action you make, meaning that each key-value pair is saved only after both key and value been encrypted, separately. This creates a big performance overhead.

So I searched for a library that will give me a more efficient encryption process and I found Slink. Slink uses Facbook's Conceal library to save the entire map of objects as a whole, making it the most efficient and fast SharedPreferences encryption solution. It also uses common Android's SharedPreferences interfaces, which makes the usage extremely easy and almost seamless. Disclaimer: I'm part of the development team developing this library.

Solution 5

See duplicate: Obfuscate/Encrypt SharedPreferences file possible?

Hi, I've created a SharedPreferences implementation using AES encryiption. The project is a maven module. If you need one, take a look. https://github.com/kovmarci86/android-secure-preferences

Share:
37,592
Simon
Author by

Simon

Updated on April 07, 2020

Comments

  • Simon
    Simon about 4 years

    Im currently developing a framework for oAuth 1 and 2 access to webservices and my question is, how do i store sensitive data like an oAuth access key in a secure way? the problem with this keys is that some platforms like twitter use a permanent key and if someone would get access to this key he could do whatever he wants with the users twitter account..

    so is it possible to automatically encrypt the data before it is stored in the shared preferences? Or is there a better way/place to store very important data?

    UPDATE - ALSO READ: What is the most appropriate way to store user settings in Android application

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Store client secret securely
How to Secure Android Shared Preferences?
MissingPluginException(No implementation found for method getAll on channel plugins.flutter.io/shared_preferences) while getting FCM in background
How to convert String to Time in Hour, Minute, Second as integer in flutter?
Flutter - Keeping variable's value after each app restart
How to access iOS UserDefaults stored data in Flutter SharedPrefrences
How to access android Shared preferences(using java) on the flutter end (using dart)?
SharedPreferences not instantiating in release build
Why does "appAuthRedirectScheme" as manifest placeholder has no effect?
How to delete/clear shared-preferences using key in flutter?