A slightly less insecure wrapper for SharedUserPreferences for Android. Keys and values encrypted using a symmetric cipher.
Java
Switch branches/tags
Nothing to show
Latest commit 4be00c6 Jul 9, 2012 @sveinungkb Fixed faulty decryption
Permalink
Failed to load latest commit information.
src Fixed faulty decryption Jul 9, 2012
README.md More readme info Jun 4, 2012

README.md

encrypted-userprefs

An encrypted and slightly less insecure wrapper for SharedPreferences for Android. SharedPreferences on Android stores all of your values in "plain text", simply protected by the user-restricted file system on Android. If you gain root access to an Android device you have full read/write access to the application preferences of all of the applications installed.

Many applications store some kind of application secret (e.g. a communication token, last used account number) using SharedPreferences.

By using this class you'll protect your preferences with a strong and proven symmetric cipher (AES) which will make it harder for anyone wishing to extract information from your application.

PS: This will not make your application bulletproof, just better :)

Example:

A regular shared preference file looks like this from adb shell:

cat /data/data/your.package.application/shared_prefs/prefs-test.xml
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
<string name="hemmelighet">dette er en hemmelighet</string>
</map>

With encryption you get a less obvious version:

cat /data/data/your.package.application/shared_prefs/prefs-test.xml
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
<string name="JopRH053b7Ogw17Yxmh7Og==">0AB7Y28XEvbQcnXpEZ4j9PtqzFLtm2V3KBXjTO1V704=</string>
</map>

The key is "hemmelighet" and the value is "dette er en hemmelighet".

Usage:

// Init
SecurePreferences preferences = new SecurePreferences(context, "my-preferences", "SometopSecretKey1235", true);
// Put (all puts are automatically committed)
preferences.put("userId", "User1234");
// Get
String user = preferences.getString("userId");

Requirements and limitation:

Android API Level 8 (for Base64 support). Only strings put/gets are supported for now, this should cover most usages.