Secure Preferences Implementation

Secure Preferences Provider

License

License

GroupId

GroupId

com.thomashaertel
ArtifactId

ArtifactId

secure-preferences
Last Version

Last Version

0.2.0
Release Date

Release Date

Type

Type

aar
Description

Description

Secure Preferences Implementation
Secure Preferences Provider
Project URL

Project URL

https://github.com/thomashaertel/secure-preferences
Source Code Management

Source Code Management

https://github.com/thomashaertel/secure-preferences

Download secure-preferences

How to add to project

<!-- https://jarcasting.com/artifacts/com.thomashaertel/secure-preferences/ -->
<dependency>
    <groupId>com.thomashaertel</groupId>
    <artifactId>secure-preferences</artifactId>
    <version>0.2.0</version>
    <type>aar</type>
</dependency>
// https://jarcasting.com/artifacts/com.thomashaertel/secure-preferences/
implementation 'com.thomashaertel:secure-preferences:0.2.0'
// https://jarcasting.com/artifacts/com.thomashaertel/secure-preferences/
implementation ("com.thomashaertel:secure-preferences:0.2.0")
'com.thomashaertel:secure-preferences:aar:0.2.0'
<dependency org="com.thomashaertel" name="secure-preferences" rev="0.2.0">
  <artifact name="secure-preferences" type="aar" />
</dependency>
@Grapes(
@Grab(group='com.thomashaertel', module='secure-preferences', version='0.2.0')
)
libraryDependencies += "com.thomashaertel" % "secure-preferences" % "0.2.0"
[com.thomashaertel/secure-preferences "0.2.0"]

Dependencies

There are no dependencies for this project. It is a standalone project that does not depend on any other jars.

Project Modules

There are no modules declared in this project.

Secure-preferences

Download Build Status

This is Android Shared preference wrapper that encrypts the keys and values of Shared Preferences using 256-bit AES. The key is stored in the preferences and so can be read and extracted by root user. Keys and values are encrypted and base64 encoded before storing into prefs.

The sample app is available on playstore

Much of the original code is from Daniel Abraham article on codeproject. This project was created and shared on Github with his permission.

screenshot

##Release Notes: 0.2.0

  • Changed instantiation similar to SharedPreferences
  • Moved static class attributes to be members to support multiple preference stores in different files
  • Added the possibility to change the encryption provider
  • Key can be stored either encrypted or as plaintext

0.1.0

  • Android Studio supported project structure
  • Created android library on bintray and maven central

0.0.4

  • Gralde support thanks @yelinaung
  • Fix for OnPreferenceChanged listener @richardleggett

0.0.3

  • Added test Project
  • Updated sample ready for playstore upload

0.0.2

  • Added methods to get/set strings un-encrypted
  • Added backup PBKDF function in case PBKDF2WithHmacSHA1 not supported
  • Refactored code to make it easier to change the AES mode and PBKDF function.
  • Increased iterations of PBKDF from 1000 to 2000.

0.0.1

  • Initial import to github I've modified the project structure.
  • Included the Android base64 class so library can be used by Android 2.1+.
  • Enhanced the sample project dumps current prefs to illustrate the fact they are stored encrypted and Base64 encoded.

##Building ###Gradle

####From Bintray

Add maven central to your build.gradle:

buildscript {
  repositories {
    jcenter()
  }
}

repositories {
  jcenter()
}

####From maven central

Add maven central to your build.gradle:

buildscript {
  repositories {
    mavenCentral()
  }
}

repositories {
  mavenCentral()
}

Then declare Android Calendar View within your dependencies:

dependencies {
  ...
  compile('com.thomashaertel:secure-preferences:0.2.0@aar') {
  }
  ...
}

###Maven

####From maven central

To use Android Calendar View within your maven build simply add

<dependency>
  <artifactId>secure-preferences</artifactId>
  <version>${secure-preferences.version}</version>
  <groupId>com.thomashaertel</groupId>
</dependency>

to your pom.xml

If you also want the sources or javadoc add the respective classifier

  <classifier>sources</classifier>

or

  <classifier>javadoc</classifier>

to the dependency.

##Disclaimer It's not bullet proof security (in fact it's more like obfuscation of the preferences) but it's a quick win for incrementally making your android app more secure. For instance it'll stop users on rooted devices easily modifying your app's shared prefs.

##Contributing Please do send me pull requests, but also bugs and enhancement requests are welcome. Although no guarantees on when I can review them.

##Licence Apache License, Version 2.0

Copyright (C) 2013, Daniel Abraham, Scott Alexander-Bown, 2015 Thomas Haertel

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

     http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Versions

Version
0.2.0
0.1.1
0.1.0