Encrypted SharedPreferences setup in Android app

TRUETECH is engaged in the development, support and maintenance of iOS, Android, PWA mobile applications. We have extensive experience and expertise in publishing mobile applications in popular markets like Google Play, App Store, Amazon, AppGallery and others.


Setting up Encrypted SharedPreferences in Android Application

When an app doesn't need biometry or a complex key scheme, but plaintext tokens in SharedPreferences are an obvious risk, EncryptedSharedPreferences from Jetpack Security covers 80% of use cases in half a day.

What Exactly Gets Encrypted

EncryptedSharedPreferences uses Google's Tink library with two-level encryption: keys are encrypted with AES256-SIV (deterministic encryption, which allows key-based search) and values with AES256-GCM. The master key is stored in Android Keystore. As a result, the preferences XML file contains an unreadable blob instead of <string name="auth_token">eyJhb...</string>.

Initialization

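import androidx.security.crypto.EncryptedSharedPreferences
import androidx.security.crypto.MasterKey

// Master key lives in Android Keystore and wraps the Tink keysets
val masterKey = MasterKey.Builder(context)
    .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
    .setUserAuthenticationRequired(false)  // true for biometry
    .build()

// "secure_prefs" is the preferences file name; keys use AES256-SIV, values AES256-GCM
val prefs = EncryptedSharedPreferences.create(
    context,
    "secure_prefs",
    masterKey,
    EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
    EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
)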

After this, the API is identical to regular SharedPreferences: putString, getString, edit().apply(). No extra code is needed.

Important Limitations

EncryptedSharedPreferences doesn't support getAll(): the method throws UnsupportedOperationException. If code anywhere iterates over all keys, it must be refactored before migration.

The preferences file can't be copied between devices, because the master key is tied to the specific device's Keystore. This is an important restriction to warn about when migrating from regular SharedPreferences: a restore from backup (Auto Backup) won't bring back the encrypted data.
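An added example (not TRUETECH's code) of the swap with both failure points handled: moving an existing plaintext token into the encrypted file, and recovering when the file cannot be decrypted on this device, as after a restore. The legacy file name app_prefs, the helper names, and the assumption that the failure surfaces as the GeneralSecurityException or IOException declared by create() are illustrative.

```kotlin
import android.content.Context
import android.content.SharedPreferences
import androidx.security.crypto.EncryptedSharedPreferences
import androidx.security.crypto.MasterKey
import java.io.IOException
import java.security.GeneralSecurityException

private const val SECURE_FILE = "secure_prefs"      // file name used on this page
private const val LEGACY_FILE = "app_prefs"         // assumed name of the old plaintext file
private val SENSITIVE_KEYS = listOf("auth_token")   // assumed string-valued keys to move

private fun create(context: Context): SharedPreferences {
    val masterKey = MasterKey.Builder(context)
        .setKeyScheme(MasterKey.KeyScheme.AES256_GCM).build()
    return EncryptedSharedPreferences.create(
        context, SECURE_FILE, masterKey,
        EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
        EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
    )
}

fun openSecurePrefs(context: Context): SharedPreferences {
    val app = context.applicationContext
    val secure = try {
        create(app)
    } catch (e: Exception) {
        if (e !is GeneralSecurityException && e !is IOException) throw e
        // The file cannot be decrypted with this device's Keystore key (for example
        // after a backup restore). Drop it and start empty; the user signs in again.
        app.deleteSharedPreferences(SECURE_FILE)    // requires API 24+
        create(app)
    }
    migrateLegacy(app, secure)
    return secure
}

private fun migrateLegacy(context: Context, secure: SharedPreferences) {
    val legacy = context.getSharedPreferences(LEGACY_FILE, Context.MODE_PRIVATE)
    val present = SENSITIVE_KEYS.filter { legacy.contains(it) }
    if (present.isEmpty()) return
    val secureEdit = secure.edit()
    present.forEach { secureEdit.putString(it, legacy.getString(it, null)) }
    // commit() is synchronous: remove the plaintext copy only after the encrypted write succeeded.
    if (secureEdit.commit()) {
        val legacyEdit = legacy.edit()
        present.forEach { legacyEdit.remove(it) }
        legacyEdit.commit()
    }
}
```

Deleting the file on failure suits data that can be obtained again, such as session tokens; anything that cannot be re-fetched needs a different recovery path.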

Jetpack Security version 1.1.0-alpha (and above) stabilized the API after a long alpha. Use nothing lower than 1.1.0-alpha06: earlier versions have a known bug with file corruption under certain write conditions.

When EncryptedSharedPreferences Is Insufficient

If data is needed in a background worker without the user on screen, and the device could be rebooted, you need explicit control over access schemes, that is, direct Keystore work with a proper setUserAuthenticationRequired(false). EncryptedSharedPreferences uses BIOMETRIC_STRONG or DEVICE_CREDENTIAL if biometry is enabled, which can block background access.

For large data (files, databases), use EncryptedFile from the same Jetpack Security library, not SharedPreferences.

Timeline

A simple swap from SharedPreferences to EncryptedSharedPreferences takes 4–8 hours, including testing on several API levels. If Auto Backup is present and backup_rules.xml must be properly configured to exclude the encrypted file from backup, add several more hours.