An Easy Way to Secure Your Sensitive Data on Android

Here is an easy way to secure your sensitive data on Android

Thank you https://pixabay.com for the picture

Securing sensitive data on Android is something we should care about, because our users expect their data to be kept safe.

There are many ways to secure sensitive data, including writing your own encryption logic or using an open-source library. The easiest way is to use the Security library from Android Jetpack.

What is the Android Security Library?
The Security library has robust security features and excellent performance, and it can provide maximum protection by using the hardware-backed keystore. This library can encrypt files and data stored in SharedPreferences -- Android Security Library.

How to implement it?
Last time, we made a pin code feature on Android, and now I will demonstrate real-world use cases on how to secure your pin code.

Add the dependency to your app/build.gradle (it works fine even though it is still in alpha):
implementation 'androidx.security:security-crypto:1.1.0-alpha02'

Create an EncryptSharedPreferences class as a singleton. The app I implemented had some crashes when fetching the Android Keystore system without a singleton approach.
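import android.content.Context
import android.content.SharedPreferences
import androidx.security.crypto.EncryptedSharedPreferences
import androidx.security.crypto.MasterKey

// Private constructor: instances are only created through the SingletonHolder companion.
class EncryptSharedPreferences private constructor(context: Context) {

    val sharedPreferences: SharedPreferences

    init {
        // The master key is generated and kept in the Android Keystore.
        val masterKey = MasterKey.Builder(context)
            .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
            .build()
        sharedPreferences = EncryptedSharedPreferences.create(
            context,
            "encrypted_data", // name of the preferences file
            masterKey,
            EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,   // preference keys
            EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM  // preference values
        )
    }

    // SingletonHolder is a generic helper class that is not shown in this article.
    companion object : SingletonHolder<EncryptSharedPreferences, Context>(::EncryptSharedPreferences)
}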

Inject EncryptSharedPreferences into your view model (PinCodeViewModel.kt) and save the PIN code to the encrypted shared preferences once the user has entered all six digits.
val numPadListener = object : NumPadListener {
    override fun onNumberClicked(number: Char) {
        val existingPinCode = pinCode.value ?: ""
        val newPassCode = existingPinCode + number
        pinCode.postValue(newPassCode)

        // Add this block into PinCodeViewModel.kt.
        // Once all six digits are entered, store the PIN in the encrypted preferences.
        if (newPassCode.length == 6) {
            sharedPreferences.edit().run {
                putString(PIN_CODE_KEY, newPassCode)
                apply()
            }
            // Read the value back through the same preferences object (decrypted on read).
            val pinCodeInSharedPreference = sharedPreferences.getString(PIN_CODE_KEY, "")
            securedPinCode.postValue(pinCodeInSharedPreference)
            pinCode.postValue("")
        }
    }

    // .... (rest of the listener is elided in the original)
}

The data without encryption:
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="PIN_CODE_KEY">123456</string>
</map>

The data with encryption:
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="__androidx_security_crypto_encrypted_prefs_value_keyset__">08d983858f0512640a580a30747970652e676f6f676c65617069732e636f6d2f676f6f676c652e63727970746f2e74696e6b2e41657347636d4b657912221a2090d93b859ce9ac5d6b3a10eaa3ab74652126d271d5460ee96e1f75761dae9c5a1801100118d983858f052001</string>
    <string name="__androidx_security_crypto_encrypted_prefs_key_keyset__">08ddebdd9b021284010a780a30747970652e676f6f676c65617069732e636f6d2f676f6f676c652e63727970746f2e74696e6b2e4165735369764b65791242124063f24cf3d31278b54f26d9402f38b694efcf8db81eeeeb28e82bd059ccb88fe7ff3b6b191429e4a503291ef84378a688c9286074df5780f00254e40e7bcebf1b1801100118ddebdd9b022001</string>
    <string name="ASN3dd30XLWQ87WqUN7/2k86i9gqavinCOsSI/Z9PHtW">AVHhQdnK7HMmfAZBi7YvUVo4Aoag/PZfegudqqZJUfA/9Qp6ZUdA0PsvEDfU1Q4=</string>
</map>

The user's data is now stored in encrypted form: both the preference name and its value appear only as ciphertext in the file, and the change is easy to implement. The library is still in alpha, so it may change as it stabilizes. You can find the source code on GitHub.
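The two `..._keyset__` strings in the encrypted file above are hex-encoded Tink protobuf messages (the `type.googleapis.com/google.crypto.tink.AesGcmKey` URL is readable in the hex), and the file only protects the PIN if those keysets are themselves wrapped by the Keystore master key. The check below is an added example, not code from the original article: it classifies a keyset string as a cleartext `Keyset` or a wrapped `EncryptedKeyset`. It assumes the field numbers from Tink's `tink.proto`; the function names are mine, the first sample is the value keyset copied from the dump above, and the second sample is constructed.

```python
# Added example (not from the article). Field numbers follow Tink's tink.proto.
PAGE_VALUE_KEYSET = (  # value keyset copied from the dump in the article
    "08d983858f0512640a580a30"
    "747970652e676f6f676c65617069732e636f6d2f676f6f676c652e63727970746f2e74696e6b2e41657347636d4b6579"
    "12221a2090d93b859ce9ac5d6b3a10eaa3ab74652126d271d5460ee96e1f75761dae9c5a"
    "1801100118d983858f052001"
)
CONSTRUCTED_WRAPPED = "1204deadbeef1a020801"  # constructed EncryptedKeyset-shaped sample

def read_varint(buf, pos):
    """Decode a protobuf varint at pos; return (value, next_pos)."""
    value = shift = 0
    while True:
        byte, pos = buf[pos], pos + 1  # IndexError on truncated input
        value |= (byte & 0x7F) << shift
        if byte < 0x80:
            return value, pos
        shift += 7

def fields(buf):
    """Parse one message into {field_number: [values]} (varint and bytes fields only)."""
    out, pos = {}, 0
    while pos < len(buf):
        tag, pos = read_varint(buf, pos)
        if tag & 7 == 0:                      # wire type 0: varint
            val, pos = read_varint(buf, pos)
        elif tag & 7 == 2:                    # wire type 2: length-delimited
            size, pos = read_varint(buf, pos)
            if pos + size > len(buf):
                raise ValueError("truncated field")
            val, pos = buf[pos:pos + size], pos + size
        else:
            raise ValueError(f"unexpected wire type {tag & 7}")
        out.setdefault(tag >> 3, []).append(val)
    return out

def classify_keyset(hex_value):
    """Return (kind, keys): kind is 'cleartext', 'wrapped' or 'unknown'."""
    top = fields(bytes.fromhex(hex_value))
    if 1 in top and 2 in top:   # Keyset: primary_key_id = 1, repeated key = 2
        datas = [fields(fields(key)[1][0]) for key in top[2]]   # Key.key_data = 1
        # KeyData.type_url = 1, KeyData.value = 2 (report its length, not the bytes)
        return "cleartext", [(d[1][0].decode(), len(d[2][0])) for d in datas]
    if 2 in top and 3 in top:   # EncryptedKeyset: encrypted_keyset = 2, keyset_info = 3
        return "wrapped", []
    return "unknown", []

if __name__ == "__main__":
    print(classify_keyset(PAGE_VALUE_KEYSET), classify_keyset(CONSTRUCTED_WRAPPED))
```

On the value keyset from the dump above this returns `cleartext` with a 34-byte serialized `AesGcmKey`, which means the data key is stored unwrapped next to the ciphertext it protects. When the Keystore master key is in use, Tink writes the `EncryptedKeyset` form, so a preferences file pulled from a test device should classify as `wrapped`.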

Thank you for reading my article! If you have other suggestions, please comment - I love learning new options (^_^)
Him Sama