When building Android apps, storing sensitive data like user credentials, PIN codes, and tokens securely is crucial. Traditionally, SharedPreferences in Android is used to store simple key-value pairs, but data stored in SharedPreferences is not encrypted by default. This presents a potential security risk for sensitive data stored in the app.
Thankfully, Android’s Encrypted Shared Preferences allows developers to encrypt data stored in SharedPreferences, providing a secure way to store sensitive information. This encrypted shared preferences feature is available through the Android Security Library, making it easy to protect your app’s data stored on the device.
In this article, we will explore how to implement encrypted shared preferences in Android, using the security libraryto safeguard keys and values in SharedPreferences. We’ll cover everything from setting up the encryption to how data is stored in a secure manner, and show how it works through code examples.
What Are Encrypted Shared Preferences in Android?
Encrypted Shared Preferences are a secure way to store key-value pairs in Android using AES-256 encryption. This feature is part of the Android Security Library and ensures that data stored in SharedPreferences is encrypted both at rest and in memory. When using encrypted shared preferences, both the keys and values in SharedPreferences are encrypted, preventing unauthorized access to the data.
Why Use Encrypted Shared Preferences?
- Secure Sensitive Data: With encrypted shared preferences, you can store sensitive data like passwords, tokens, and user preferences securely.
- Easy to Implement: The Android Security Library makes it simple to encrypt data without the need for custom encryption logic.
- Hardware-Backed Keystore: In modern devices, encrypted shared preferences can leverage the device's hardware-backed keystore, offering even stronger security.
How to Use Encrypted Shared Preferences in Android
To get started with encrypted shared preferences, you need to set up the Android Security Library in your project. Here’s how to do it step by step.
Step 1: Add Dependencies
In your build.gradle file, add the security library dependency to your app module:
groovy implementation 'androidx.security:security-crypto:1.1.0-alpha02'
This library provides the necessary tools to encrypt data in SharedPreferences and files.
Step 2: Initialize Master Key
Before we can use encrypted shared preferences, we need to create a MasterKey. This key is used to encrypt and decrypt the data in SharedPreferences.
kotlin
val masterKey = MasterKey.Builder(applicationContext)
.setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
.build()The MasterKey is automatically stored securely by Android, often in the hardware-backed keystore, depending on the device’s capabilities.
Step 3: Create Encrypted Shared Preferences
Next, we will create an instance of EncryptedSharedPreferences. This class allows you to store key-value pairs in an encrypted format.
kotlin
val sharedPreferences = EncryptedSharedPreferences.create(
applicationContext,
"encrypted_prefs", // File name for SharedPreferences
masterKey, // Master key for encryption
EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
)- "encrypted_prefs": This is the name of the file where the encrypted data will be stored.
- AES256_SIV: This is the encryption scheme for the keys.
-
AES256_GCM: This is the encryption scheme for the values.
Step 4: Storing and Retrieving Data
Once you have initialized encrypted shared preferences, you can store and retrieve data in the same way you would with regular SharedPreferences, but now the data stored in the file will be encrypted.
Storing Data:
kotlin
sharedPreferences.edit().putString("USER_PIN", "123456").apply()Retrieving Data:
kotlin
val userPin = sharedPreferences.getString("USER_PIN", null)In this case, the USER_PIN is securely stored in encrypted shared preferences. The data is encrypted before it is saved, and it is automatically decrypted when retrieved.
Step 5: Viewing the Encrypted Data
Here’s what the data stored in an encrypted SharedPreferences file looks like:
xml
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
<string name="__androidx_security_crypto_encrypted_prefs_key_keyset__">Encrypted...</string>
<string name="__androidx_security_crypto_encrypted_prefs_value_keyset__">Encrypted...</string>
<string name="ASN3dd30XLWQ87WqUN7/2k86i9gqavinCOsSI/Z9PHtW">Encrypted...</string>
</map>As you can see, the keys and values are encrypted, ensuring that even if someone gains access to the file, they will not be able to read the sensitive data.
Benefits of Using Encrypted Shared Preferences
1. Data Security
Using encrypted shared preferences ensures that sensitive data like passwords, user preferences, and tokens are stored securely. The encryption happens automatically, reducing the risk of data exposure.
2. Simple to Implement
The Android Security Library simplifies the process of adding encryption to your app. You can quickly integrate it into your project without the need for complex encryption logic.
3. Compatibility
The library supports Android 6.0 (API 23) and above, making it widely compatible with most modern Android devices.
4. Hardware-Backed Encryption
On devices that support it, the hardware-backed keystore adds an extra layer of security, ensuring that encryption keys are securely stored in hardware, protecting them from tampering.
5. Protects Both Keys and Values
Unlike some encryption approaches that only encrypt values, encrypted shared preferences encrypts both keys and values, providing a complete security solution for your app’s data.
Conclusion: The Easiest Way to Secure Data in Android
In this article, we covered how to use encrypted shared preferences in Android to securely store sensitive data such as PIN codes, tokens, and user preferences. With just a few lines of code, you can integrate the Android Security Libraryinto your app, providing a robust way to store encrypted data.
This is an easy and effective solution to protect your users’ data, and as the Android Security Library matures, it will continue to offer even more powerful security features. Implementing encrypted shared preferences is an essential step toward making your Android apps more secure and protecting data stored in your app from unauthorized access.
FAQs
1. What are Encrypted Shared Preferences in Android?
Encrypted Shared Preferences allow you to store key-value pairs in SharedPreferences securely by encrypting both the keys and values using AES-256 encryption.
Encrypted Shared Preferences allow you to store key-value pairs in SharedPreferences securely by encrypting both the keys and values using AES-256 encryption.
2. How do I implement Encrypted Shared Preferences?
To implement encrypted shared preferences, you need to use the Android Security Library, create a MasterKey, and then use EncryptedSharedPreferences to store and retrieve data securely.
To implement encrypted shared preferences, you need to use the Android Security Library, create a MasterKey, and then use EncryptedSharedPreferences to store and retrieve data securely.
3. Can I use encrypted shared preferences on older Android versions?
Yes, the library supports Android 6.0 (API 23) and above. On devices with older versions of Android, software-based encryption is used.
Yes, the library supports Android 6.0 (API 23) and above. On devices with older versions of Android, software-based encryption is used.
4. How is data stored in Encrypted Shared Preferences different from regular Shared Preferences?
In regular SharedPreferences, the data is stored in plaintext, while in encrypted shared preferences, both the keys and values are encrypted, providing enhanced security for sensitive data.
In regular SharedPreferences, the data is stored in plaintext, while in encrypted shared preferences, both the keys and values are encrypted, providing enhanced security for sensitive data.
5. What encryption algorithms does Encrypted Shared Preferences use?
EncryptedSharedPreferences uses AES-256 SIV for encrypting the keys and AES-256 GCM for encrypting the values.
EncryptedSharedPreferences uses AES-256 SIV for encrypting the keys and AES-256 GCM for encrypting the values.
6. Is the encryption in Encrypted Shared Preferences hardware-backed?
On devices that support it, the MasterKeyused by EncryptedSharedPreferences is stored in a hardware-backed keystore, which provides additional security by protecting the encryption keys in hardware.
On devices that support it, the MasterKeyused by EncryptedSharedPreferences is stored in a hardware-backed keystore, which provides additional security by protecting the encryption keys in hardware.
By using encrypted shared preferences, you can secure sensitive data in your Android apps, ensuring that user information is stored safely and securely.
