mozilla-mobile / reference-browser

A full-featured browser reference implementation using Mozilla Android Components.
Mozilla Public License 2.0

Protect FxA login state using the `dataprotect` component #121

Open rfk opened 5 years ago

rfk commented 5 years ago

The current FxA integration stores the signin state in android shared preferences [1]. When we come to implement full sync support, this signin state will include the user's sync encryption keys and should therefore receive additional protection when stored on-disk.

IIUC, this "additional protection" is exactly the sort of thing that the dataprotect component [2] is designed for. Let's discuss how to apply dataprotect protections to the FxA login state data.

I want to learn more about using these components in practice, so I'm happy to have a go at implementing a prototype here. But I don't have any good sense of how to put the pieces together architecturally. Would it make sense for the FirefoxAccountsIntegration instance [3] to receive a dataprotect.Keystore instance with which it can encrypt its sensitive state?

[1] https://developer.android.com/reference/android/content/SharedPreferences

[2] https://mozilla-mobile.github.io/android-components/api/0.29.0/mozilla.components.lib.dataprotect/-keystore/index.html

[3] https://github.com/mozilla-mobile/reference-browser/blob/master/app/src/main/java/org/mozilla/reference/browser/browser/FirefoxAccountsIntegration.kt

pocmo commented 5 years ago

One potential blocker here is that lib-dataprotect requires Android 6.0+ (API 23+) instead of 5.0+ (API 21+) like our other components. It will be tough to convince the product team to drop ~17% of the market for this: https://developer.android.com/about/dashboards/