pwittchen / prefser

Wrapper for Android SharedPreferences with object serialization and RxJava Observables
Apache License 2.0

Is encryption planned? #104

Open Rainer-Lang opened 7 years ago

pwittchen commented 7 years ago

Not for now, but we can consider it for the future. Please note that prefser uses SharedPreferences from the Android SDK under the hood. SharedPreferences of one application are not accessible to other applications. It could be possible if you explicitly use Context.MODE_WORLD_READABLE, which is actually deprecated in the newest API. The conclusion is that SharedPreferences should be pretty safe by default if they're used correctly and additional encryption is not needed here. Nevertheless, I'm open to discussion and encryption can be an additional feature. In such a case, an external solution for that encryption should be used, because I don't specialize in that area and it's not a trivial problem. Optionally, we can use the conceal library by Facebook.

pwittchen commented 7 years ago

It's an interesting topic. I've done some quick research on it. I think the first step for introducing encryption would be creating an interface for all prefser public methods. Then, we can add its default implementation. Next, we can create a separate artifact (module) prefser-secure, which will depend on prefser, for people who would like to use secure preferences. It doesn't make sense to force people who don't want that feature to download additional dependencies for encryption & decryption, which will make apps heavier. Inside prefser-secure, we can provide additional operations (layer) for encryption & decryption using conceal.

I'm open to further suggestions and discussion.

References

Facebook conceal

Google Tink

Alice

https://github.com/rockaport/alice

Encryption

https://github.com/simbiose/Encryption

Crypto-utils

https://github.com/nshusa/crypto-utils

Crypto

https://github.com/wg/crypto

Serializing/Deserializing byte array

Serializing/deserializing a byte array will probably be required while working with encryption libraries.
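
The layering proposed in this thread (an interface, a default implementation, and a separate encrypting layer that serializes ciphertext bytes to a string), shown as an added example that is not prefser's or any participant's code. It uses the JDK's AES-GCM instead of conceal so that it runs on a plain JVM; `Store`, `PlainStore` and `EncryptedStore` are hypothetical names, and the key generated in memory is an assumption of the demo.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;

class SecureStoreDemo {
  interface Store { void put(String key, String value); String get(String key); } // hypothetical, not prefser's API

  static class PlainStore implements Store { // stand-in for the SharedPreferences-backed default
    final Map<String, String> data = new HashMap<>();
    public void put(String key, String value) { data.put(key, value); }
    public String get(String key) { return data.get(key); }
  }

  static class EncryptedStore implements Store { // stores Base64(nonce || AES-GCM ciphertext)
    private final Store inner; private final SecretKey secret;
    EncryptedStore(Store inner, SecretKey secret) { this.inner = inner; this.secret = secret; }
    private Cipher cipher(int mode, String key, byte[] nonce) throws Exception {
      Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
      c.init(mode, secret, new GCMParameterSpec(128, nonce));
      c.updateAAD(key.getBytes(StandardCharsets.UTF_8)); // bind the value to its key name
      return c;
    }
    public void put(String key, String value) {
      try {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce); // fresh nonce for every write
        byte[] ct = cipher(Cipher.ENCRYPT_MODE, key, nonce).doFinal(value.getBytes(StandardCharsets.UTF_8));
        byte[] blob = Arrays.copyOf(nonce, 12 + ct.length); // byte-array serialization: nonce first
        System.arraycopy(ct, 0, blob, 12, ct.length);
        inner.put(key, Base64.getEncoder().encodeToString(blob));
      } catch (Exception e) { throw new IllegalStateException(e); }
    }
    public String get(String key) {
      String stored = inner.get(key);
      if (stored == null) return null;
      try {
        byte[] blob = Base64.getDecoder().decode(stored);
        Cipher c = cipher(Cipher.DECRYPT_MODE, key, Arrays.copyOf(blob, 12));
        return new String(c.doFinal(blob, 12, blob.length - 12), StandardCharsets.UTF_8);
      } catch (Exception e) { throw new IllegalStateException("modified value or wrong key", e); }
    }
  }
  public static void main(String[] args) throws Exception {
    KeyGenerator kg = KeyGenerator.getInstance("AES"); kg.init(256); // demo key, memory only
    PlainStore plain = new PlainStore();
    Store secure = new EncryptedStore(plain, kg.generateKey());
    secure.put("token", "constructed-sample-value"); // constructed sample input
    System.out.println(plain.get("token") + " -> " + secure.get("token"));
  }
}
```

On a device the key would come from the Android Keystore instead of being generated in memory, and `java.util.Base64` requires API level 26 (`android.util.Base64` covers older versions).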