fix: encrypt stored sdk config

mrehan27 commented 8 months ago

Background

Following the Slack discussion, we realized that we should encrypt the SDK config to prevent possible reverse engineering and unauthorized extraction of keys.

Changes

Utilized EncryptedSharedPreferences for secure storage of the SDK config
Renamed the existing preferences file for the SDK config to avoid corrupt values
Disabled backup for encrypted preferences, as recommended in the Android docs.

Testing

Native SDK users will not experience any impact, as they initialize the SDK in the Application class, eliminating the need for auto-initialization
For existing wrapper customers, the SDK won't be auto-initialized from the killed state until the app is launched after this update. As soon as the app is launched, stored config values will be updated, and everything will proceed as expected.
To test auto backup changes, enable allowBackup in the app and run the following command:

adb shell bmgr backupnow <app-package-name>

github-actions[bot] commented 8 months ago

# Sample app builds 📱 Below you will find the list of the latest versions of the sample apps. It's recommended to always download the latest builds of the sample apps to accurately test the pull request. --- * java_layout: `rehan/encrypt-store-prefs (1698759129)` * kotlin_compose: `rehan/encrypt-store-prefs (1698759138)`

codecov[bot] commented 8 months ago

Codecov Report

Merging #275 (9a32ba8) into main (c494bb0) will decrease coverage by 29.56%. Report is 20 commits behind head on main. The diff coverage is n/a.

@@              Coverage Diff              @@
##               main     #275       +/-   ##
=============================================
- Coverage     49.76%   20.20%   -29.56%     
+ Complexity      237       27      -210     
=============================================
  Files           108       19       -89     
  Lines          2781      480     -2301     
  Branches        364       99      -265     
=============================================
- Hits           1384       97     -1287     
+ Misses         1282      371      -911     
+ Partials        115       12      -103

see 89 files with indirect coverage changes

github-actions[bot] commented 8 months ago

Build available to test Version: rehan-encrypt-store-prefs-SNAPSHOT Repository: https://s01.oss.sonatype.org/content/repositories/snapshots/

mrehan27 commented 8 months ago

Closing this PR based on our discussion on Slack. We'll continue exploring improvements for this and revisit later.

customerio / customerio-android