search

scottyab / secure-preferences

Android Shared preference wrapper than encrypts the values of Shared Preferences. It's not bullet proof security but rather a quick win for incrementally making your android app more secure.
1.53k stars 235 forks source link

handlePasswordChange problems (v0.1.4) #41

Closed zecatman closed 8 years ago

zecatman commented 8 years ago

Consider the following code snippet 

SecurePreferences securedPreferences = new SecurePreferences(myContext, "myPassword", "myfile");
securedPreferences.handlePasswordChange("myNewPassword", myContext);

Using handlePasswordChange leads to a strange behaviour. After method call, secured preferences file myfile.xml is empty and updated preferences are written into default shared preferences file.

Problem seems to come from the following method

private SharedPreferences getSharedPreferenceFile(Context context, String prefFilename) {
        this.sharedPrefFilename = sharedPrefFilename ;

        if(TextUtils.isEmpty(prefFilename)) {
            return PreferenceManager
                    .getDefaultSharedPreferences(context);
        }
        else{
          return context.getSharedPreferences(prefFilename, Context.MODE_PRIVATE);
        }
}

It does not set sharedPrefFilename attribute with parameter prefFilename. So it is null when handlePasswordChange uses it to handle shared preference instance refresh

//refresh the sharedPreferences object ref: I found it was retaining old ref/values
sharedPreferences = null;
sharedPreferences = getSharedPreferenceFile(context, sharedPrefFilename);
scottyab commented 8 years ago

Thanks for reporting, this was fixed in PR#42