Feature Request: Support for encryption in Datastore [167697691]

Feature Request

Status Update

No update yet.

Description

ro...@google.com

created issue #1

Sep 3, 2020 06:58PM

Currently, if users want to encrypt data stored in DataStore they would need to write an encrypting Serializer themselves. We should support an easy to use solution like:

https://developer.android.com/reference/androidx/security/crypto/EncryptedSharedPreferences

Comments

an...@gmail.com <an...@gmail.com> #2Sep 7, 2020 09:16PM

there are some image for help

sc...@gmail.com <sc...@gmail.com> #3Apr 13, 2021 04:49AM

hello?

an...@gmail.com <an...@gmail.com> #4May 2, 2021 02:51AM

8 months later, this issue has more stars (currently 45) than all other issues for this component, combined. It is currently also the highest priority issue (P2) for component 907884. Would it be possible to get an update here so that developers can better understand the roadmap?

Specifically, the docs state:

If you're currently using SharedPreferences to store data, consider migrating to DataStore instead.

As a developer, I'd like to understand how the DataStore library compares to EncryptedSharedPreferences and which should be the preferred choice, going forward. Using typed objects for key-value storage is nice. Having data encrypted at rest, is ideal--and in my particular case, required by the Security Team. Can we expect DataStore to do both? If so, it would be VERY useful. If not, many developers will have to choose EncryptedSharedPreferences, instead.

ol...@gmail.com <ol...@gmail.com> #5May 7, 2021 04:27PM

As far as I see, adding encryption should be relatively easy task. However it will help a lot of people to migrate to it safely.

I find following article be helpful. It might also be interesting to someone who is happy to have a custom implementation already now and do not wait until it's officially provided:

https://blog.stylingandroid.com/datastore-security/

ro...@google.com <ro...@google.com> May 7, 2021 05:20PM

Reassigned to jm...@google.com.

ha...@gmail.com <ha...@gmail.com> #6Sep 26, 2021 07:02AM

More than a year has passed now, why this feature is not available yet?

dj...@hotmail.com <dj...@hotmail.com> #7Feb 6, 2022 03:57AM

This is the main concern for migrating to DataStore. I don't think many companies will consider using it until there is a good way to encrypt preferences without any boilerplate. Is there any plan to add this feature soon?

jm...@google.com <jm...@google.com> Mar 8, 2022 09:22PM

Status: New

sz...@gmail.com <sz...@gmail.com> #8Apr 3, 2022 12:56PM

Please!

al...@gmail.com <al...@gmail.com> #9May 21, 2022 08:13AM

Why am I not surprised? Typical Android development by Google. Release half backed feature and then eventually will finish but nobody will use it

av...@gmail.com <av...@gmail.com> #10Jun 1, 2022 04:46PM

ne...@gmail.com <ne...@gmail.com> #11Jun 7, 2022 12:11AM

Agree. Instead of integrating EncryptedSharedPreference, we would definitely perfer to integrate with EncryptedDataStore.

ye...@gmail.com <ye...@gmail.com> #12Jul 20, 2022 03:20AM

+1
I agree strongly with

comment #7

.
Please consider this feature and share the plan if you decide to add it.

sk...@gmail.com <sk...@gmail.com> #13Jul 29, 2022 07:34AM

Was considering of doing a migration to DataStore, but lack of encryption is daunting. You can of course write your own solution to encrypt data with DataStore however, in the future you will have to scrape it once Google officially supports encryption via DataStore.

+1 for this issue!

le...@gmail.com <le...@gmail.com> #14Sep 4, 2022 09:37AM

This issue blocks my company to use DataStore
So disappointed and dissatisfied about the lack of SecureDataStore for such a long period of time

+1 for this issue

wi...@azimo.com <wi...@azimo.com> #15Oct 6, 2022 12:28PM

It's a shame I cannot use DataStore in brand new project because Google is being Google. How can I feel excited for new features when tools like DataStore are being left out? This just gives me an impression we will never get fully ready feature from Google. Big thumb down from a Google devices fangirl.

le...@gethomesafe.com <le...@gethomesafe.com> #16Nov 3, 2022 09:23PM

If only EncryptedFile was a subclass of File or DataStoreFactory::create had an overload with a produceEncryptedFile parameter... Looking forward to a solution for this. Thanks!

ni...@gmail.com <ni...@gmail.com> #17Nov 16, 2022 01:03PM

I wrote a quick wrapper that uses EncryptedFile as the storage for data store. Code is based on the FileStorage from the library itself

https://gist.github.com/NicolaVerbeeck/4bb3e29915619a73a4c555291cbf653a

Example usage:

    @Provides
    @Singleton
    fun providePreferencesStorage(@ApplicationContext context: Context): Storage<Preferences> {
        return EncryptedFileStorage(context, FilePreferencesSerializer()) {
            File(context.filesDir, "preferences.pb")
        }
    }

ni...@gmail.com <ni...@gmail.com> #18Nov 16, 2022 03:16PM

Disregard my comment above, this does not work yet, still debugging

ni...@gmail.com <ni...@gmail.com> #19Nov 16, 2022 04:52PM

Gist has been updated, seems to work perfectly

os...@gmail.com <os...@gmail.com> #20Nov 18, 2022 08:08PM

You beat me by a moment :)

I've just released the new version of my tiny library adding datastore creation with EncryptedFile - https://github.com/osipxd/encrypted-datastore (to survive until Google will release an official encryption implementation). This library provides extensions DataStoreFactory.createEncrypted and PreferenceDataStoreFactory.createEncrypted.

Usage:

val dataStore = DataStoreFactory.createEncrypted(serializer) {
    EncryptedFile.Builder(
        context.dataStoreFile("filename"),
        context,
        MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC),
        EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB
    ).build()
}

Or even simpler, if you use security-crypto-ktx:1.1.0:

val dataStore = DataStoreFactory.createEncrypted(serializer) {
    EncryptedFile(
        context = context,
        file = context.dataStoreFile("filename"),
        masterKey = MasterKey(context)
    )
}

It works with datastore 1.0.0, but I've not tested it with 1.1.0

uj...@gmail.com <uj...@gmail.com> #21Dec 12, 2022 09:21AM

What is the ETA for this ?

pa...@gmail.com <pa...@gmail.com> #22Jan 31, 2023 02:01PM

This would be a solid reason for migrating to this library.

re...@gmail.com <re...@gmail.com> #23Feb 11, 2023 12:34PM

still no update, are they even going to release ?

se...@c24.de <se...@c24.de> #24Feb 13, 2023 01:14PM

Is there any update?

fr...@google.com <fr...@google.com> #25Mar 8, 2023 03:53PM

Thanks to @os...@gmail.com for creating his extensions to use while we wait for this feature to be implemented. Otherwise I'd have to use encryptedsharedpreferences.

pi...@gmail.com <pi...@gmail.com> #26Jul 26, 2023 06:49AM

Is there any plan for this feature ?

ma...@gmail.com <ma...@gmail.com> #27Sep 6, 2023 07:49AM

+1, please!

Is there any official progress on Google? When migrating a new project, I was struggling with why EncryptedSharedPreferences and Datastore cannot be combined. The datastore needs to implement its own encryption and serialization, which has forced me to temporarily give up using the datastore. I have found the implementation of the building owner, but I am worried that it may consume too much performance.

da...@iamviva.com <da...@iamviva.com> #28Jan 15, 2024 01:06PM

+1, please!

For now, I will keep using EncryptedSharedPreferences because it supports encryption and, during my tests, it seems more reliable, but I would like to use DataStore and take advantage of thread and type safety.

Message last modified on Jan 15, 2024 01:07PM

ib...@gmail.com <ib...@gmail.com> #29Jan 19, 2024 08:06AM

sj...@gmail.com <sj...@gmail.com> #30Jan 31, 2024 01:05PM

An official support of DataStore with encryption would be greatly appreciated :)

an...@gmail.com <an...@gmail.com> #31Feb 12, 2024 05:16AM

lu...@gmail.com <lu...@gmail.com> #32Feb 29, 2024 08:30AM

This would certainly encourage switching from the EncrypredSharedPreferences

b....@autodoc.eu <b....@autodoc.eu> #33Mar 1, 2024 02:53PM

gt...@gmail.com <gt...@gmail.com> #34Mar 14, 2024 06:51AM

gu...@gmail.com <gu...@gmail.com> #35Mar 19, 2024 12:56PM

se...@gmail.com <se...@gmail.com> #36Apr 2, 2024 05:35AM

ha...@gmail.com <ha...@gmail.com> #37Apr 8, 2024 03:16AM

+1 please

da...@gmail.com <da...@gmail.com> #38Apr 9, 2024 02:28PM

se...@asos.com <se...@asos.com> #39Apr 14, 2024 10:03AM

le...@gethomesafe.com <le...@gethomesafe.com> #40Apr 18, 2024 08:48PM

I can see v1.1.0 exposes a "new Storage interface". Will there be an official EncryptedFileStorage (or similar) or are we expected to implement encryption ourselves?

gi...@gmail.com <gi...@gmail.com> #41Apr 23, 2024 05:18PM

ch...@gmail.com <ch...@gmail.com> #42Apr 24, 2024 02:48AM

ni...@gmail.com <ni...@gmail.com> #43Apr 29, 2024 10:37AM

ha...@mail.ru <ha...@mail.ru> #44May 1, 2024 11:20AM

Guys waiting for an encryption support))) +++++++++1

mu...@gmail.com <mu...@gmail.com> #45May 1, 2024 01:38PM

The devs can't even be bothered to post an update in this thread, so i don't think anybody should be holding their breath for them actually implementing this feature.

da...@willowtreeapps.com <da...@willowtreeapps.com> #46Jun 4, 2024 03:58PM

sj...@gmail.com <sj...@gmail.com> #47Jun 4, 2024 04:14PM

Now that androidx.security:security-crypto – which provides EncryptedSharedPreferences – was silently deprecated, it would be really nice if we get an encrypted DataStore via the Storage interface that comment #40 mentioned 🙂

in...@gmail.com <in...@gmail.com> #48Jul 24, 2024 02:39PM

al...@gmail.com <al...@gmail.com> #49Aug 3, 2024 01:19PM

633 stars, and no response from Google. Status is still at New, no one cares

ma...@gmail.com <ma...@gmail.com> #50Aug 3, 2024 03:29PM

aj...@gmail.com <aj...@gmail.com> #51Aug 12, 2024 06:14AM

I need it! +1

mo...@devoteam.com <mo...@devoteam.com> #52Aug 26, 2024 11:12AM

Comment has been deleted.

Message last modified on Aug 26, 2024 11:12AM

rv...@gmail.com <rv...@gmail.com> #53Sep 24, 2024 05:51PM

ko...@gmail.com <ko...@gmail.com> #54Sep 26, 2024 12:06PM

to...@gmail.com <to...@gmail.com> #55Sep 30, 2024 11:44AM

ma...@gmail.com <ma...@gmail.com> #56Oct 1, 2024 08:45PM

mi...@wandera.com <mi...@wandera.com> #57Oct 2, 2024 12:46PM

ya...@gmail.com <ya...@gmail.com> #58Oct 5, 2024 04:12PM

jv...@adversus.io <jv...@adversus.io> #59Oct 10, 2024 11:02AM

Comment has been deleted.

Message last modified on Oct 10, 2024 11:03AM

ni...@vishleshan.net <ni...@vishleshan.net> #60Oct 18, 2024 06:46AM

nu...@gmail.com <nu...@gmail.com> #61Oct 21, 2024 04:24PM

ti...@gmail.com <ti...@gmail.com> #62Oct 22, 2024 06:16PM

vo...@paykey.com <vo...@paykey.com> #63Oct 31, 2024 09:42AM

ze...@gmail.com <ze...@gmail.com> #64Oct 31, 2024 02:28PM

th...@c0x12c.com <th...@c0x12c.com> #65Nov 17, 2024 01:14AM

r....@gmail.com <r....@gmail.com> #66Nov 24, 2024 04:33PM

pi...@gmail.com <pi...@gmail.com> #67Dec 2, 2024 11:09AM

4 years, +1 :)

ti...@gmail.com <ti...@gmail.com> #68Dec 4, 2024 02:36PM

wh...@gmail.com <wh...@gmail.com> #69Dec 10, 2024 11:22PM

as...@gmail.com <as...@gmail.com> #70Dec 17, 2024 07:33AM

er...@gmail.com <er...@gmail.com> #71Dec 18, 2024 07:24AM

da...@mohemian.com <da...@mohemian.com> #72Dec 18, 2024 03:13PM

+1

Native encryption support in DataStore would be a big step to meet modern app security requirements and simplify adoption.

mu...@gmail.com <mu...@gmail.com> #73Dec 18, 2024 04:14PM

Let it go, people. It's been 4 years. It's never going to happen.

ed...@asos.com <ed...@asos.com> #74Dec 18, 2024 05:01PM

I am the author of the blog post that was kindly linked in comment #47. I would highly recommend reading the 'Why NOT JetSec Crypto in 2024?' section of that post as it might help in deciding whether this is really a feature that is needed. I would probably argue for 99 cases out of 100, no. It isn't.

Like ShredPreferences, data saved within DataStore is stored on the device within the app’s own sandboxed folder structure which is not accessible by default. Additionally, all devices encrypt user data on the filesystem by default as Android version 10 I believe - so what value would further encrypting your DataStore's values really add? If you are storing data that is 'sensitive' locally on the device, then perhaps you have bigger problems to worry about :-P

While I of course do not claim to represent anyone from Google, I believe this is likely also the same view taken by the JetSec team. Hence the deprecation of EncryptedSharedPreferences and the lack of a DataStore equivalent.

The TL;DR is: I'd say Android is likely plenty secure enough for almost every use-case to not need this feature and, as developers, its far better to just follow general security best practices (i.e. DO NOT store personal data on-device)

se...@zonesoft.org <se...@zonesoft.org> #75Dec 18, 2024 05:57PM

Fear not. I'm building a feature 7 years after it was requested, so google might too.

al...@gmail.com <al...@gmail.com> #76Jan 4, 2025 12:25AM

Happy new year! 735 stars and counting, and still no response from Google

Issue 167697691

Description

Issue summary

Comments

an...@gmail.com <an...@gmail.com> #2Sep 7, 2020 09:16PM

sc...@gmail.com <sc...@gmail.com> #3Apr 13, 2021 04:49AM

an...@gmail.com <an...@gmail.com> #4May 2, 2021 02:51AM

ol...@gmail.com <ol...@gmail.com> #5May 7, 2021 04:27PM

ro...@google.com <ro...@google.com> May 7, 2021 05:20PM

ha...@gmail.com <ha...@gmail.com> #6Sep 26, 2021 07:02AM

dj...@hotmail.com <dj...@hotmail.com> #7Feb 6, 2022 03:57AM

jm...@google.com <jm...@google.com> Mar 8, 2022 09:22PM

sz...@gmail.com <sz...@gmail.com> #8Apr 3, 2022 12:56PM

al...@gmail.com <al...@gmail.com> #9May 21, 2022 08:13AM

av...@gmail.com <av...@gmail.com> #10Jun 1, 2022 04:46PM

ne...@gmail.com <ne...@gmail.com> #11Jun 7, 2022 12:11AM

ye...@gmail.com <ye...@gmail.com> #12Jul 20, 2022 03:20AM

sk...@gmail.com <sk...@gmail.com> #13Jul 29, 2022 07:34AM

le...@gmail.com <le...@gmail.com> #14Sep 4, 2022 09:37AM

wi...@azimo.com <wi...@azimo.com> #15Oct 6, 2022 12:28PM

le...@gethomesafe.com <le...@gethomesafe.com> #16Nov 3, 2022 09:23PM

ni...@gmail.com <ni...@gmail.com> #17Nov 16, 2022 01:03PM

ni...@gmail.com <ni...@gmail.com> #18Nov 16, 2022 03:16PM

ni...@gmail.com <ni...@gmail.com> #19Nov 16, 2022 04:52PM

os...@gmail.com <os...@gmail.com> #20Nov 18, 2022 08:08PM

uj...@gmail.com <uj...@gmail.com> #21Dec 12, 2022 09:21AM

pa...@gmail.com <pa...@gmail.com> #22Jan 31, 2023 02:01PM

re...@gmail.com <re...@gmail.com> #23Feb 11, 2023 12:34PM

se...@c24.de <se...@c24.de> #24Feb 13, 2023 01:14PM

fr...@google.com <fr...@google.com> #25Mar 8, 2023 03:53PM

pi...@gmail.com <pi...@gmail.com> #26Jul 26, 2023 06:49AM

ma...@gmail.com <ma...@gmail.com> #27Sep 6, 2023 07:49AM

da...@iamviva.com <da...@iamviva.com> #28Jan 15, 2024 01:06PM

ib...@gmail.com <ib...@gmail.com> #29Jan 19, 2024 08:06AM

sj...@gmail.com <sj...@gmail.com> #30Jan 31, 2024 01:05PM

an...@gmail.com <an...@gmail.com> #31Feb 12, 2024 05:16AM

lu...@gmail.com <lu...@gmail.com> #32Feb 29, 2024 08:30AM

b....@autodoc.eu <b....@autodoc.eu> #33Mar 1, 2024 02:53PM

gt...@gmail.com <gt...@gmail.com> #34Mar 14, 2024 06:51AM

gu...@gmail.com <gu...@gmail.com> #35Mar 19, 2024 12:56PM

se...@gmail.com <se...@gmail.com> #36Apr 2, 2024 05:35AM

ha...@gmail.com <ha...@gmail.com> #37Apr 8, 2024 03:16AM

da...@gmail.com <da...@gmail.com> #38Apr 9, 2024 02:28PM

se...@asos.com <se...@asos.com> #39Apr 14, 2024 10:03AM

le...@gethomesafe.com <le...@gethomesafe.com> #40Apr 18, 2024 08:48PM

gi...@gmail.com <gi...@gmail.com> #41Apr 23, 2024 05:18PM

ch...@gmail.com <ch...@gmail.com> #42Apr 24, 2024 02:48AM

ni...@gmail.com <ni...@gmail.com> #43Apr 29, 2024 10:37AM

ha...@mail.ru <ha...@mail.ru> #44May 1, 2024 11:20AM

mu...@gmail.com <mu...@gmail.com> #45May 1, 2024 01:38PM

da...@willowtreeapps.com <da...@willowtreeapps.com> #46Jun 4, 2024 03:58PM

sj...@gmail.com <sj...@gmail.com> #47Jun 4, 2024 04:14PM

in...@gmail.com <in...@gmail.com> #48Jul 24, 2024 02:39PM

al...@gmail.com <al...@gmail.com> #49Aug 3, 2024 01:19PM

ma...@gmail.com <ma...@gmail.com> #50Aug 3, 2024 03:29PM

aj...@gmail.com <aj...@gmail.com> #51Aug 12, 2024 06:14AM

mo...@devoteam.com <mo...@devoteam.com> #52Aug 26, 2024 11:12AM

rv...@gmail.com <rv...@gmail.com> #53Sep 24, 2024 05:51PM

ko...@gmail.com <ko...@gmail.com> #54Sep 26, 2024 12:06PM

to...@gmail.com <to...@gmail.com> #55Sep 30, 2024 11:44AM

ma...@gmail.com <ma...@gmail.com> #56Oct 1, 2024 08:45PM

mi...@wandera.com <mi...@wandera.com> #57Oct 2, 2024 12:46PM

ya...@gmail.com <ya...@gmail.com> #58Oct 5, 2024 04:12PM

jv...@adversus.io <jv...@adversus.io> #59Oct 10, 2024 11:02AM

ni...@vishleshan.net <ni...@vishleshan.net> #60Oct 18, 2024 06:46AM

nu...@gmail.com <nu...@gmail.com> #61Oct 21, 2024 04:24PM

ti...@gmail.com <ti...@gmail.com> #62Oct 22, 2024 06:16PM

vo...@paykey.com <vo...@paykey.com> #63Oct 31, 2024 09:42AM

ze...@gmail.com <ze...@gmail.com> #64Oct 31, 2024 02:28PM

th...@c0x12c.com <th...@c0x12c.com> #65Nov 17, 2024 01:14AM

r....@gmail.com <r....@gmail.com> #66Nov 24, 2024 04:33PM

pi...@gmail.com <pi...@gmail.com> #67Dec 2, 2024 11:09AM

ti...@gmail.com <ti...@gmail.com> #68Dec 4, 2024 02:36PM

wh...@gmail.com <wh...@gmail.com> #69Dec 10, 2024 11:22PM

as...@gmail.com <as...@gmail.com> #70Dec 17, 2024 07:33AM

er...@gmail.com <er...@gmail.com> #71Dec 18, 2024 07:24AM

da...@mohemian.com <da...@mohemian.com> #72Dec 18, 2024 03:13PM

mu...@gmail.com <mu...@gmail.com> #73Dec 18, 2024 04:14PM

ed...@asos.com <ed...@asos.com> #74Dec 18, 2024 05:01PM

se...@zonesoft.org <se...@zonesoft.org> #75Dec 18, 2024 05:57PM