Open Rainer-Lang opened 7 years ago
It's an interesting topic. I've performed a quick research about that. I think the first step for introducing encryption would be creating an interface for all prefser
public methods. Then, we can add its default implementation. Next, we can create a separate artifact (module) prefser-secure
, which will depend on prefser
for people who would like to use secure preferences. It doesn't make sense to force people who don't want that feature to download additional dependencies for encryption & decryption, what will make apps heavier. Inside presfer-secure
, we can provide additional operations (layer) for encryption & decryption using conceal.
I'm open for a further suggestions and discussion.
Facebook conceal
Google Tink
Alice
https://github.com/rockaport/alice
Encryption
https://github.com/simbiose/Encryption
Crypto-utils
https://github.com/nshusa/crypto-utils
Crypto
Serializing/Deserializing byte array
serializing/deserializing byte array probably will be required while working with encrypting libraries.
Not for now, but we can consider it for the future. Please note that prefser uses
SharedPreferences
from Android SDK under the hood.SharedPreferences
of one application are not accessible for other applications. It could be possible if you explicitly useContext.MODE_WORLD_READABLE
, which is actually deprecated in the newest API. The conclusion is thatSharedPreferences
should be pretty safe by default if they're used correctly and additional encryption is not needed here. Nevertheless, I'm open for a discussion and encryption can be an additional feature. In such case, an external solution for that encryption should be used, because I don't specialize in that area and it's not the trivial problem. Optionally, we can use conceal library by Facebook.