An encrypted and slightly less insecure wrapper for SharedPreferences for Android. SharedPreferences on Android stores all of your values in "plain text", simply protected by the user-restricted file system on Android. If you gain root access to an Android device you have full read/write access to the application preferences of all of the applications installed.
Many applications store some kind of application secret (e.g. a communication token, last used account number) using SharedPreferences.
By using this class you'll protect your preferences with a strong and proven symmetric cipher (AES) which will make it harder for anyone wishing to extract information from your application.
PS: This will not make your application bulletproof, just better :)
A regular shared preference file looks like this from adb shell:
cat /data/data/your.package.application/shared_prefs/prefs-test.xml <?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <string name="hemmelighet">dette er en hemmelighet</string> </map>
With encryption you get a less obvious version:
cat /data/data/your.package.application/shared_prefs/prefs-test.xml <?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <string name="JopRH053b7Ogw17Yxmh7Og==">0AB7Y28XEvbQcnXpEZ4j9PtqzFLtm2V3KBXjTO1V704=</string> </map> The key is "hemmelighet" and the value is "dette er en hemmelighet".
// Init SecurePreferences preferences = new SecurePreferences(context, "my-preferences", "SometopSecretKey1235", true); // Put (all puts are automatically committed) preferences.put("userId", "User1234"); // Get String user = preferences.getString("userId");
Requirements and limitation:
Android API Level 8 (for Base64 support). Only strings put/gets are supported for now, this should cover most usages.