Is there any Proguard rules should use while using EncryptedSharedPreferences?
EncryptedSharedPreferences, a feature introduced in Android, helps secure sensitive data stored in SharedPreferences by encrypting it. While it provides a good layer of protection, it’s crucial to understand its interactions with Proguard, a tool for shrinking, obfuscating, and optimizing your Android application.
Proguard and EncryptedSharedPreferences
Proguard can potentially interfere with EncryptedSharedPreferences if not configured correctly. The obfuscation process might rename classes and methods, leading to conflicts with the encryption and decryption logic used by EncryptedSharedPreferences.
Proguard Rules for EncryptedSharedPreferences
To ensure compatibility and prevent errors, you need to provide Proguard with specific rules that tell it to exclude EncryptedSharedPreferences classes from obfuscation.
Rules for EncryptedSharedPreferences
-keep class androidx.security.crypto.EncryptedSharedPreferences { *; }
-keep class androidx.security.crypto.EncryptedSharedPreferences.PrefKeyEncryptionScheme { *; }
-keep class androidx.security.crypto.EncryptedSharedPreferences.MasterKey { *; }
-keep class androidx.security.crypto.EncryptedSharedPreferences.EncryptionScheme { *; }
-keep class androidx.security.crypto.EncryptedSharedPreferences.FileBasedMasterKey { *; }
-keep class androidx.security.crypto.EncryptedSharedPreferences.MasterKeyProvider { *; }
-keep class androidx.security.crypto.EncryptedSharedPreferences.EncryptionException { *; }
-keep class androidx.security.crypto.EncryptedSharedPreferences.FileBasedMasterKey.FileBasedMasterKeyFactory { *; }
-keep class androidx.security.crypto.EncryptedSharedPreferences.MasterKey.MasterKeyFactory { *; }
Explanation of the Rules
- -keep class … { *; }: These lines instruct Proguard to keep the specified classes intact, without obfuscating their names or members. This is essential for EncryptedSharedPreferences to function correctly.
- *: The wildcard character (*) ensures that all members within each class are also preserved.
- androidx.security.crypto.EncryptedSharedPreferences: This refers to the core EncryptedSharedPreferences class.
- androidx.security.crypto.EncryptedSharedPreferences.PrefKeyEncryptionScheme: This includes the key encryption scheme used for protecting the keys within SharedPreferences.
- androidx.security.crypto.EncryptedSharedPreferences.MasterKey: This indicates the class responsible for managing the master encryption key used to decrypt the data in SharedPreferences.
- androidx.security.crypto.EncryptedSharedPreferences.EncryptionScheme: This designates the actual encryption scheme used for protecting the sensitive information stored in SharedPreferences.
- androidx.security.crypto.EncryptedSharedPreferences.FileBasedMasterKey: This involves storing the master key in a file on the device’s storage.
- androidx.security.crypto.EncryptedSharedPreferences.MasterKeyProvider: This class is involved in providing the master encryption key for decryption.
- androidx.security.crypto.EncryptedSharedPreferences.EncryptionException: This class handles potential errors during encryption and decryption operations.
- androidx.security.crypto.EncryptedSharedPreferences.FileBasedMasterKey.FileBasedMasterKeyFactory: This indicates the factory class responsible for creating instances of FileBasedMasterKey.
- androidx.security.crypto.EncryptedSharedPreferences.MasterKey.MasterKeyFactory: This designates the factory class responsible for creating instances of MasterKey.
Implementation
These Proguard rules should be placed within your Proguard configuration file, typically located at proguard-rules.pro in the app directory of your Android project.
Important Considerations
- Regular Updates: As the EncryptedSharedPreferences library may undergo updates, it’s crucial to revisit your Proguard rules periodically to ensure compatibility.
- Security Best Practices: While EncryptedSharedPreferences enhances security, it’s essential to combine it with other security best practices like proper data handling and avoiding storage of highly sensitive data in SharedPreferences.
Conclusion
By incorporating these Proguard rules, you can ensure that your Android app properly utilizes EncryptedSharedPreferences while minimizing potential conflicts caused by Proguard’s obfuscation process. This helps to safeguard sensitive data and maintain the integrity of your application.