如何保护 Android 共享首选项? [英] How to Secure Android Shared Preferences?

问题描述

SharedPreferences 在 Android 应用中的常见存储位置是:

The common location where SharedPreferences are stored in Android apps is:

/data/data/<package name>/shared_prefs/<filename.xml>

具有 root 权限的用户可以导航到此位置并可以更改其值.保护它的需要非常重要.

User with root privileges can navigate to this location and can change its values.Need of protecting it is of much importance.

有多少种方法可以加密整个 shared_pref 的 xml 文件?

In how many ways we can encrypt whole shared_pref's xml file?

我们都知道我们可以将数据加密保存在shared_pref's xml 文件中，但这不仅100% 安全，所以需要用密钥加密整个文件.需要帮助了解加密整个 xml 文件的各种方法.这是一个通用问题，这里讨论的各种加密方法作为答案对所有开发者保护应用程序都有帮助.

We all know that we can encrypt and save data in shared_pref's xml file, but that's not only 100% safe, so need to encrypt whole file with a key. Need help in knowing various ways to encrypt whole xml file. This is generic question, various encryption methods discussed as answers here can be helpful to all developers in securing apps.

推荐答案

更新的答案:

Android 发布了一个带有 EncryptedSharedPreferences 的安全库在他们的 Jetpack 库中.

Android has released a security library with EncryptedSharedPreferences in their Jetpack library.

使用 v1.1.0 版本，您可以支持 Lollipop(API 级别 21) 及以上

With version v1.1.0 you can support Lollipop (API level 21) and above

String masterKeyAlias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC);

SharedPreferences sharedPreferences = EncryptedSharedPreferences.create(
    "secret_shared_prefs",
    masterKeyAlias,
    context,
    EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
    EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
);

// use the shared preferences and editor as you normally would
SharedPreferences.Editor editor = sharedPreferences.edit();

这篇关于如何保护 Android 共享首选项?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！