Skip to content

A slightly less insecure wrapper for SharedUserPreferences for Android. Keys and values encrypted using a symmetric cipher.

Notifications You must be signed in to change notification settings

rafalniski/encrypted-userprefs

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 

Repository files navigation

encrypted-userprefs

An encrypted and slightly less insecure wrapper for SharedPreferences for Android. SharedPreferences on Android stores all of your values in "plain text", simply protected by the user-restricted file system on Android. If you gain root access to an Android device you have full read/write access to the application preferences of all of the applications installed.

Many applications store some kind of application secret (e.g. a communication token, last used account number) using SharedPreferences.

By using this class you'll protect your preferences with a strong and proven symmetric cipher (AES) which will make it harder for anyone wishing to extract information from your application.

PS: This will not make your application bulletproof, just better :)

Example:

A regular shared preference file looks like this from adb shell:

cat /data/data/your.package.application/shared_prefs/prefs-test.xml
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
<string name="hemmelighet">dette er en hemmelighet</string>
</map>

With encryption you get a less obvious version:

cat /data/data/your.package.application/shared_prefs/prefs-test.xml
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
<string name="JopRH053b7Ogw17Yxmh7Og==">0AB7Y28XEvbQcnXpEZ4j9PtqzFLtm2V3KBXjTO1V704=</string>
</map>

The key is "hemmelighet" and the value is "dette er en hemmelighet".

Usage:

// Init
SecurePreferences preferences = new SecurePreferences(context, "my-preferences", "SometopSecretKey1235", true);
// Put (all puts are automatically committed)
preferences.put("userId", "User1234");
// Get
String user = preferences.getString("userId");

Requirements and limitation:

Android API Level 8 (for Base64 support). Only strings put/gets are supported for now, this should cover most usages.

About

A slightly less insecure wrapper for SharedUserPreferences for Android. Keys and values encrypted using a symmetric cipher.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published