How to Secure Android Shared Preferences?

Question

The common location where SharedPreferences are stored in Android apps is:

/data/data//shared_prefs/


        

Answer 1

UPDATED ANSWER:

Android has released a security library with EncryptedSharedPreferences in their Jetpack library.

Min API is 23 (6.0+)

String masterKeyAlias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC);

SharedPreferences sharedPreferences = EncryptedSharedPreferences.create(
    "secret_shared_prefs",
    masterKeyAlias,
    context,
    EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
    EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
);

// use the shared preferences and editor as you normally would
SharedPreferences.Editor editor = sharedPreferences.edit();

Answer 2

For below API 23 check out the Datum library. It ciphers data asynchronously:

StringDatum stringDatum = provider.new StringDatum("string_key", "default");
stringDatum.setValue("new value");
stringDatum.getValue(value->{
    //got value
});

Answer 3

Base64 is NOT encryption! Don't use it! Yes 'root' users can access that data. One thing you can do is use AES to encrypt either that data or use a single NoSQL database file and encrypt that file. When the app opens, you decrypt the database and use that to store info or encrypt all files independently.

Look here: https://code.tutsplus.com/tutorials/storing-data-securely-on-android--cms-30558