Status Update
No update yet.
Comments
an...@gmail.com
These days, many apps storing data need that data to be encrypted at rest. Ideally, if a device is equipped with a TEE, it should be leveraged. Likewise, features from API 18 and 23 should be utilized, when available. Right now, developers have to resort to using libraries like this one for this:
It would be better to have a first-part library from Google that aims to aggregate all the security capabilities of the platform in an easy-to-use manner so that the security properties of all apps in the ecosystem can be strengthened. Currently, it seems like every available API is missing something. Perhaps "DataStore" can become the thing that a developer can use to know that their data is being stored correctly and securely for all APIs. Similar to WorkManager, it just does the best it can with what's available.
As an Android Developer, I'm tired of stakeholders thinking that iOS is more secure. Modern Android devices, equipped with TEEs can be just as secure or better! The problem is it is just too hard to store data correctly. I look forward to seeing where this library ends up!
sc...@gmail.com
Anyone looking into it. Can we have ETA on this.
an...@gmail.com
8 months later, this issue has more stars (currently 45) than all other issues for this component, combined. It is currently also the highest priority issue (P2) for component 907884. Would it be possible to get an update here so that developers can better understand the roadmap?
Specifically, the docs state:
If you're currently using SharedPreferences to store data, consider migrating to DataStore instead.
As a developer, I'd like to understand how the DataStore library compares to EncryptedSharedPreferences and which should be the preferred choice, going forward. Using typed objects for key-value storage is nice. Having data encrypted at rest, is ideal--and in my particular case, required by the Security Team. Can we expect DataStore to do both? If so, it would be VERY useful. If not, many developers will have to choose EncryptedSharedPreferences, instead.
ol...@gmail.com
I find following article be helpful. It might also be interesting to someone who is happy to have a custom implementation already now and do not wait until it's officially provided:
ro...@google.com
ha...@gmail.com
dj...@hotmail.com
jm...@google.com
sz...@gmail.com
al...@gmail.com
av...@gmail.com
ne...@gmail.com
ye...@gmail.com
I agree strongly with
Please consider this feature and share the plan if you decide to add it.
sk...@gmail.com
+1 for this issue!
le...@gmail.com
So disappointed and dissatisfied about the lack of SecureDataStore for such a long period of time
+1 for this issue
wi...@azimo.com
le...@gethomesafe.com
If only EncryptedFile was a subclass of File or DataStoreFactory::create had an overload with a produceEncryptedFile parameter... Looking forward to a solution for this. Thanks!
ni...@gmail.com
I wrote a quick wrapper that uses EncryptedFile as the storage for data store. Code is based on the FileStorage from the library itself
Example usage:
@Provides
@Singleton
fun providePreferencesStorage(@ApplicationContext context: Context): Storage<Preferences> {
return EncryptedFileStorage(context, FilePreferencesSerializer()) {
File(context.filesDir, "preferences.pb")
}
}
ni...@gmail.com
Disregard my comment above, this does not work yet, still debugging
ni...@gmail.com
Gist has been updated, seems to work perfectly
os...@gmail.com
You beat me by a moment :)
I've just released the new version of my tiny library adding datastore creation with EncryptedFile - DataStoreFactory.createEncrypted and PreferenceDataStoreFactory.createEncrypted.
Usage:
val dataStore = DataStoreFactory.createEncrypted(serializer) {
EncryptedFile.Builder(
context.dataStoreFile("filename"),
context,
MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC),
EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB
).build()
}
Or even simpler, if you use security-crypto-ktx:1.1.0:
val dataStore = DataStoreFactory.createEncrypted(serializer) {
EncryptedFile(
context = context,
file = context.dataStoreFile("filename"),
masterKey = MasterKey(context)
)
}
It works with datastore 1.0.0, but I've not tested it with 1.1.0
uj...@gmail.com
pa...@gmail.com
re...@gmail.com
se...@c24.de
fr...@google.com
Thanks to @os...@gmail.com for creating his extensions to use while we wait for this feature to be implemented. Otherwise I'd have to use encryptedsharedpreferences.
pi...@gmail.com
ma...@gmail.com
Is there any official progress on Google? When migrating a new project, I was struggling with why EncryptedSharedPreferences and Datastore cannot be combined. The datastore needs to implement its own encryption and serialization, which has forced me to temporarily give up using the datastore. I have found the implementation of the building owner, but I am worried that it may consume too much performance.
da...@iamviva.com
+1, please!
For now, I will keep using EncryptedSharedPreferences because it supports encryption and, during my tests, it seems more reliable, but I would like to use DataStore and take advantage of thread and type safety.
ib...@gmail.com
sj...@gmail.com
An official support of DataStore with encryption would be greatly appreciated :)
an...@gmail.com
lu...@gmail.com
This would certainly encourage switching from the EncrypredSharedPreferences
b....@autodoc.eu
gt...@gmail.com
gu...@gmail.com
se...@gmail.com
+1
ha...@gmail.com
da...@gmail.com
se...@asos.com
gi...@gmail.com
ch...@gmail.com
ni...@gmail.com
ha...@mail.ru
mu...@gmail.com
da...@willowtreeapps.com
sj...@gmail.com
Now that androidx.security:security-crypto – which provides EncryptedSharedPreferences – was Storage interface that
in...@gmail.com
al...@gmail.com
633 stars, and no response from Google. Status is still at New, no one cares
ma...@gmail.com
aj...@gmail.com
mo...@devoteam.com
rv...@gmail.com
ko...@gmail.com
to...@gmail.com
ma...@gmail.com
mi...@wandera.com
+1
ya...@gmail.com
+1
jv...@adversus.io
ni...@vishleshan.net
+1
nu...@gmail.com
ti...@gmail.com
vo...@paykey.com
ze...@gmail.com
th...@c0x12c.com
r....@gmail.com
pi...@gmail.com
ti...@gmail.com
wh...@gmail.com
as...@gmail.com
er...@gmail.com
da...@mohemian.com
Native encryption support in DataStore would be a big step to meet modern app security requirements and simplify adoption.
mu...@gmail.com
ed...@asos.com
I am the author of the blog post that was kindly linked in
Like ShredPreferences, data saved within DataStore is stored on the device within the app’s own sandboxed folder structure which is not accessible by default. Additionally, all devices encrypt user data on the filesystem by default as Android version 10 I believe - so what value would further encrypting your DataStore's values really add? If you are storing data that is 'sensitive' locally on the device, then perhaps you have bigger problems to worry about :-P
While I of course do not claim to represent anyone from Google, I believe this is likely also the same view taken by the JetSec team. Hence the deprecation of EncryptedSharedPreferences and the lack of a DataStore equivalent.
The TL;DR is: I'd say Android is likely plenty secure enough for almost every use-case to not need this feature and, as developers, its far better to just follow general security best practices (i.e. DO NOT store personal data on-device)
se...@zonesoft.org
al...@gmail.com
Happy new year! 735 stars and counting, and still no response from Google
Description