koji-1009
commented
3 hours ago First of all, I would like to thank mogol and juliansteenbakker for their work on the original repository.
I forked the plugin because my thoughts on addressing this issue are as follows
- the maintainer is different from the way it is being implemented.
- the scope of the change is large.
My idea is to provide the function to migrate from EncryptedSharedPreferences to DataStore only in v10 and remove it in v11. Since there are so many developers who use flutter_secure_storage, I am not certain that this policy will satisfy them. Perhaps what would satisfy more developers would be to implement EncryptedSharedPreferneces in flutter_secure_storage itself. The maintainer understands this and is probably working on an implementation.
For the above reasons, I distributed the forked library instead of PR to the root project.
The AES/CBC/PKS7Padding being discussed in the issue is for use with Android 22 and below, and should not be used with 23 and above (unless specified). Of course it is important not to depend on EncryptedSharedPreferences, but if frequent security warnings are a problem, I think it can be avoided by setting min support OS to 23.
Android 19 is no longer supported starting with flutter 3.22, so we could (feel free to) contribute just by submitting a PR to update the min sdk. If flutter_secure_storage is updated to support 23+, would that resolve the issue you are experiencing?
https://docs.flutter.dev/release/breaking-changes/android-kitkat-deprecation
https://github.com/mogol/flutter_secure_storage/issues/769 seems to be tackling this issues, but yours seems to handle the migration a bit more safely. Any chance you need help getting this pull requested in? That ticket is marked as needing help. This fix could really help a lot of people out