The common location where SharedPreferences are stored in Android apps is:
/data/data/<package name>/shared_prefs/<filename.xml>
User with root privileges can navigate to this location and can change its values.Need of protecting it is of much importance.
In how many ways we can encrypt whole shared_pref's xml file?
We all know that we can encrypt and save data in shared_pref's xml file, but that's not only 100% safe, so need to encrypt whole file with a key. Need help in knowing various ways to encrypt whole xml file. This is generic question, various encryption methods discussed as answers here can be helpful to all developers in securing apps.
UPDATED ANSWER:
Android has released a security library with EncryptedSharedPreferences in their Jetpack library.
Edit: With version v1.1.0 you can support Lollipop (API level 21) and above
fun getEncryptedSharedPrefs(context: Context): SharedPreferences {
val masterKey = MasterKey.Builder(context)
.setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
.build()
return EncryptedSharedPreferences.create(
context,
prefsName,
masterKey,
EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
)
}
fun getEncryptedSharedPrefsEditor(context: Context): SharedPreferences.Editor {
return getEncryptedSharedPrefs(context).edit()
}