Home/ Questions/Q 8560361
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T16:15:32+00:00

I’m using a custom subclass of SharedPreferences to encrypt my saved settings in the

  • 0

I’m using a custom subclass of SharedPreferences to encrypt my saved settings in the app, similar to what’s being done in the second response here: What is the most appropriate way to store user settings in Android application

The number of preferences I have to save is growing. Before I was just using a custom view to update these preferences but that is going to become cumbersome and I want to use PreferenceActivity or PreferenceFragment instead. Problem is, it does not seem that there is a way to have either of those classes access my data using my subclass, meaning that the data it pulls from the default preferences file is going to be gibberish as it wasn’t decrypted.

I’ve found that some people have created custom implementations of Preference that encrypt the data there, but I’d prefer not to do that as the data is already being encrypted/decrypted in my SharedPreferences subclass and I’d like to keep it that way. I’ve also been looking over the source code of PreferenceActivity and PreferenceManager and I’m not sure the best way to approach this.

Has anyone else had any luck accomplishing something like this and have any suggestions as to where I might start?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I think by keeping your encryption in the SharedPrefs subclass that you already have, you limit the modularity and the separation of concerns.

    So I would suggest reconsidering sub-classing the preference classes themselves (such as CheckBoxPreference) and perform your calculation there.

    Ideally you could also use some type of composition or a static utility so that while you might have to subclass each type of preference you use, you can use a single place to perform the encryption/decryption calculations. This would also allow you more flexibility in the future if you need to encrypt or decrypt some other data or if the API changes.

    For sub-classing maybe you could do this:

    So for example:

    class ListPreferenceCrypt extends ListPreference
{
    ListPreferenceCrypt (Context context, AttributeSet attrs)   {
        super ( context, attrs );
    }
    ListPreferenceCrypt (Context context)   {
        super ( context );
    }

    @Override
    public void setValue( String value )
    {
        //encrypt value
        String encryptedVal = MyCryptUtil.encrypt(value);
        super.setValue ( encryptedVal );
    }

    @Override
    public String getValue( String key )
    {
        //decrypt value
        String decryptedValue = MyCryptUtil.decrypt(super.getValue ( key ));
        return decryptedValue;
    }

}

    NOTE the above is psuedo-code, there would be different methods to override


    And your XML might look like this:

    <PreferenceScreen
        xmlns:android="http://schemas.android.com/apk/res/android">

    <PreferenceCategory
            android:title="@string/inline_preferences">

        <com.example.myprefs.ListPreferenceCrypt
                android:key="listcrypt_preference"
                android:title="@string/title_listcrypt_preference"
                android:summary="@string/summary_listcrypt_preference" />

    </PreferenceCategory>

</PreferenceScreen>

    EDIT

    Caveats/Decompiling

    As I thought about this more, I realized one of the caveats is that this method is not particularly difficult to bypass when decompiling an APK. This does give the full class names of overriden classes in the layouts (though that can be avoided by not using XML)

    However, I don’t think this is significantly less secure than sub-classing SharedPreferences. That too, is susceptible to decompiling. Ultimately, if you want stronger security, you should consider alternative storage methods. Perhaps OAuth or the AccountManager as suggested in your linked post.

    • 0