I would like some more feedback on this from an Android expert, but I _think_ Shared Preferences are fine except in two cases: * Having root access to the device (which IMO is game over, and requires some serious steps to get there) * Application errors that accidentally expose shared preferences However, I think as a best practice, Google is recommending that Shared Preferences are encrypted through `androidx.security:security-crypto`, which as a `EncryptedSharedPreferences`. As with all Android on-device crypto, whether this improves things probably greatly depends on the Android version/flavor and Device. Who can weight in? Personally I like hardening our data storage to make accidental file exposure less of a risk.
Bug 1684761 Comment 25 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
I would like some more feedback on this from an Android expert, but I _think_ Shared Preferences are fine except in two cases: * Having root access to the device (which IMO is game over, and requires some serious steps to get there) * Application errors that accidentally expose shared preferences However, I think as a best practice, Google is recommending that Shared Preferences are encrypted through `androidx.security:security-crypto`, which as a `EncryptedSharedPreferences`. As with all Android on-device crypto, whether this improves things probably greatly depends on the Android version/flavor and Device. Who can weight in? Personally I like hardening our data storage to make accidental file exposure less of a risk. Asking Grisha, Sebastian and Christian to give this a thought and leave some comments here.
I would like some more feedback on this from an Android expert, but I _think_ Shared Preferences are fine except in two cases: * Having root access to the device (which IMO is game over, and requires some serious steps to get there) * Application errors that accidentally expose shared preferences However, I think as a best practice, Google is recommending that Shared Preferences are encrypted through `androidx.security:security-crypto`, which has a `EncryptedSharedPreferences`. As with all Android on-device crypto, whether this improves things probably greatly depends on the Android version/flavor and Device. Who can weigh in? Personally I like hardening our data storage to make accidental file exposure less of a risk. Asking Grisha, Sebastian and Christian to give this a thought and leave some comments here.