Announcement: Android Jetpack Security library

If you're doing Android development you might find this library which we just announced at IO useful:

https://developer.android.com/topic/security/data

It provides two new simple, easy to use APIs, based on Tink, that allow to encrypt files and shared preferences.

For example, if your apps store files (e.g., media, documents, etc.) in shared storage, you can encrypt them to ensure that other apps cannot read or modify them.

This library also provides a drop in replacement for the well-known SharedPreferences and Editor classes. The new implementations transparently encrypt/decrypt all data, giving you a defense in depth countermeasure against vulnerabilities in Android or your own apps.

Leveraging Android Keystore, you can also ensure that your files or shared preferences are only decrypted iff the end user has been authenticated. The end user is authenticated using a subset of their secure lock screen credentials (pattern/PIN/password, fingerprint).

The library is in Alpha. Installation instructions can be found at https://developer.android.com/jetpack/androidx/releases/security#declaring_dependencies. Please play with it and leave a comment or email me if you have any questions and/or suggestions.

PS: A little fun fact: the library was added to Android in https://android-review.googlesource.com/c/platform/frameworks/support/+/929990. I never had as many comments in a single PR :)

Comments