In Android development, we often use SharedPreferences to store some user data. SharedPreferences are easy to use, but the data stored with SharedPreferences is stored in plain text in the data/data/App package name /shared_prefs directory. If you use SharedPreferences directly to store some user-sensitive data, there will be Security issues. Fortunately, Google provides a Security library to solve this problem.

Note: Security library version 1.0.0 is only available on devices running Android 6.0 (API level 23) and higher. The new version of the library supports other Versions of Android.

As of now, the latest Security library version 1.1.0 is available on devices running Android 5.0 (API level 21) and higher.

use

1. Configure the build.gradle file for the corresponding Module


implementation "Androidx. Security: security - crypto: 1.1.0 - alpha02"

Copy the code

After the configuration is complete, synchronize Gradle. Gradle/build.gradle/build.gradle/build.gradle

allprojects {
	repositories {
  	      maven { url 'https://maven.aliyun.com/repository/google'}... }}Copy the code

Then synchronize gradle again and it should be done. Here are a few other images of Ali in case you need them:

maven { url 'http://maven.aliyun.com/nexus/content/groups/public' }
maven { url 'https://maven.aliyun.com/repository/google' }
maven { url 'https://maven.aliyun.com/repository/jcenter' }


Copy the code

2. Use EncryptedSharedPreferences encrypted data

After the synchronization is complete, the project will have a dependency on the encryption library, as shown in the figure below:

For encryption use EncryptedSharedPreferences SharedPreferences. EncryptedSharedPreferences instructions and the inheritance relationship is as follows:

/**
 * An implementation of {@link SharedPreferences} that encrypts keys and values.
 *
 * <pre>
 *  String masterKeyAlias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC);
 *
 *  SharedPreferences sharedPreferences = EncryptedSharedPreferences.create(
 *      "secret_shared_prefs",
 *      masterKeyAlias,
 *      context,
 *      EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
 *      EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
 *  );
 *
 *  // use the shared preferences and editor as you normally would
 *  SharedPreferences.Editor editor = sharedPreferences.edit();
 * </pre>
 */
public final class EncryptedSharedPreferences implements SharedPreferences {...final SharedPreferences mSharedPreferences;// This is the SharedPreferences object that actually manipulates the data.Copy the code

The comments are clear and give examples of how to use them. EncryptedSharedPreferences implements the SharedPreferences and to the encryption keys and values in the complete configuration, to use the same as SharedPreferences. EncryptedSharedPreferences internal hold a real used to manipulate data mSharedPreferences SharedPreferences instance, EncryptedSharedPreferences in reading and writing the data is added when decrypted using mSharedPreferences real persistence.

Example:

Context context = getApplicationContext();
MasterKey masterKey = new MasterKey.Builder(context)
        .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
        .build();

EncryptedSharedPreferences sharedPreferences = EncryptedSharedPreferences
        .create(
            context,
            FILE_NAME,
            masterKey,
            EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
            EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
        );

SharedPreferences.Editor sharedPrefsEditor = sharedPreferences.edit();

Copy the code

The subsequent reading and writing of data can be done using the sharedPreferences object in exactly the same way as before using sharedPreferences.

Android Security encrypts not only data in SharedPreferences but also files. It’s also easy to use, so if you’re interested, check out the official documentation (link at the end of this article).

Reference Documents:

Google docs handles data more securely

Google Docs handles data more securely in every other version of Android