Implementing EncryptedSharedPreferences with XML UI

In modern Android development, securing sensitive data is paramount. The EncryptedSharedPreferences API, part of the Android Jetpack Security library, allows developers to store data in an encrypted format. While many examples focus on using EncryptedSharedPreferences in a Jetpack Compose context, integrating it with traditional XML UI layouts requires a slightly different approach. This blog post will guide you through the process of implementing EncryptedSharedPreferences within an XML UI-based Android application.

What is EncryptedSharedPreferences?

EncryptedSharedPreferences is an Android API designed to encrypt shared preferences data, adding an extra layer of security to your application. This API utilizes Google’s Tink cryptography library, which is highly reliable and secure.

Why Use EncryptedSharedPreferences?

  • Enhanced Security: Protects sensitive data like API keys, user tokens, and personal information.
  • Ease of Use: Simple to integrate into existing projects with minimal code changes.
  • Integration with Tink: Leverages Google’s trusted Tink cryptography library.
  • Best Practice: Follows industry best practices for secure data storage.

Prerequisites

Before diving into the implementation, ensure that you have the following:

  • Android Studio installed
  • An existing Android project or a new one set up with XML UI
  • Target SDK version 23 or higher (Marshmallow)

Step-by-Step Implementation of EncryptedSharedPreferences with XML UI

Step 1: Add Dependencies

Add the necessary dependencies to your build.gradle file.

dependencies {
    implementation("androidx.security:security-crypto:1.1.0-alpha06") // Ensure this is the latest stable or beta version
    implementation("androidx.appcompat:appcompat:1.6.1")
    implementation("com.google.android.material:material:1.11.0")
}

Remember to sync your project after adding these dependencies.

Step 2: Create a Helper Class for EncryptedSharedPreferences

Create a utility class to handle the initialization and access to EncryptedSharedPreferences.

import android.content.Context
import androidx.security.crypto.EncryptedSharedPreferences
import androidx.security.crypto.MasterKeys

object SecureStorageManager {

    private const val PREF_FILE_NAME = "secure_prefs"
    
    private var encryptedSharedPreferences: EncryptedSharedPreferences? = null

    fun initialize(context: Context) {
        if (encryptedSharedPreferences == null) {
            val masterKeyAlias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC)

            encryptedSharedPreferences = EncryptedSharedPreferences.create(
                PREF_FILE_NAME,
                masterKeyAlias,
                context,
                EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
                EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
            ) as EncryptedSharedPreferences
        }
    }

    fun getSharedPreferences(): EncryptedSharedPreferences {
        return encryptedSharedPreferences ?: throw IllegalStateException("SecureStorageManager not initialized")
    }

    fun clear() {
         encryptedSharedPreferences?.edit()?.clear()?.apply()
    }
}

This class ensures that EncryptedSharedPreferences is initialized only once, preventing memory leaks and ensuring consistent access.

Step 3: Initialize EncryptedSharedPreferences in Your Application Class

To ensure that the EncryptedSharedPreferences are initialized when your app starts, initialize it in your Application class.

import android.app.Application

class MyApplication : Application() {
    override fun onCreate() {
        super.onCreate()
        SecureStorageManager.initialize(applicationContext)
    }
}

Don’t forget to declare your Application class in your AndroidManifest.xml:

Step 4: Implement Saving and Retrieving Data in Your Activity or Fragment

Now, use the helper class in your activities or fragments to save and retrieve data.

Create the necessary UI components in your activity_main.xml file. For simplicity, let's use an EditText and a Button to save a string and a TextView to display the retrieved string.

Then, implement the logic in your MainActivity to handle the UI interaction and secure data storage.

import android.os.Bundle
import android.widget.Button
import android.widget.EditText
import android.widget.TextView
import androidx.appcompat.app.AppCompatActivity

class MainActivity : AppCompatActivity() {

    private lateinit var editTextData: EditText
    private lateinit var buttonSave: Button
    private lateinit var textViewRetrievedData: TextView

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        setContentView(R.layout.activity_main)

        editTextData = findViewById(R.id.editTextData)
        buttonSave = findViewById(R.id.buttonSave)
        textViewRetrievedData = findViewById(R.id.textViewRetrievedData)

        buttonSave.setOnClickListener {
            saveData()
        }

        retrieveData() // Retrieve and display the data when the activity is created
    }

    private fun saveData() {
        val dataToSave = editTextData.text.toString()
        val sharedPreferences = SecureStorageManager.getSharedPreferences()
        val editor = sharedPreferences.edit()
        editor.putString("sensitive_data", dataToSave)
        editor.apply()

        // Optionally, clear the EditText after saving
        editTextData.text.clear()

        //Update UI
        retrieveData()
    }

    private fun retrieveData() {
        val sharedPreferences = SecureStorageManager.getSharedPreferences()
        val retrievedData = sharedPreferences.getString("sensitive_data", "No data saved")
        textViewRetrievedData.text = "Retrieved Data: $retrievedData"
    }
}

Step 5: Testing Your Implementation

Run your application, enter some data into the EditText, and click the save button. Verify that the data is saved and retrieved correctly. You can also check the shared_prefs directory using Android Studio's Device File Explorer to confirm that the preference file is encrypted (the contents will be unreadable without decryption).

Best Practices and Considerations

  • Handle Exceptions: Always wrap the EncryptedSharedPreferences initialization in a try-catch block to handle potential exceptions.
  • Data Sensitivity: Only store truly sensitive data using this method. Overusing encryption can impact performance.
  • Key Rotation: Consider implementing key rotation strategies for enhanced security.
  • Regularly Update Dependencies: Keep the security-crypto dependency updated to benefit from the latest security patches and improvements.

Advanced Tips

  • Clearing all data you can implement the Clear option: 
        fun clear() {
         encryptedSharedPreferences?.edit()?.clear()?.apply()
    }

    And calling that from any place that has access to that Helper class:

     SecureStorageManager.clear()
  • Key Derivation: Use robust key derivation functions (KDFs) if you derive encryption keys from user passwords or other secrets.
  • Secure Backup: When using Android's backup service, exclude EncryptedSharedPreferences to prevent keys from being backed up insecurely.

Conclusion

Implementing EncryptedSharedPreferences in an XML UI-based Android application provides a straightforward way to secure sensitive data. By following these steps and best practices, you can enhance your app's security posture and protect user data effectively. The combination of enhanced security and relative ease of implementation makes it a valuable tool in any Android developer’s arsenal.

Beyond This Article: Your Next Discovery Awaits

Data Binding vs. View Binding in Android: Choosing the Right Tool
Android UI Optimization: Flattening View Hierarchies with ConstraintLayout and Kotlin XML
Elevation & Shadows: Material Design in Android XML with Kotlin
Understanding ViewModel in Jetpack Compose: A Comprehensive Guide for Android Developers
LazyRow Equivalent Implementation in XML Using RecyclerView
Building Media Players with XML UI
Tagged with , , , , , , , , ,