2019-01-19 13:02:09.533 3402-3402/com.strongapps.frettrainer.android E/AndroidRuntime: FATAL EXCEPTION: main Process: com.strongapps.frettrainer.android, PID: 3402 java.lang.ClassCastException: s == null at com.securepreferences.SecurePreferences.getInt(SecurePreferences.java:389)

Crashes in Android API 28 when trying to get a pref.

I'd very much like to use this library, but the initialization of the key takes 3 seconds on my Nexus 5. Since this is done in Application's onCreate (because I need the settings there), it's not usable.

I understand that you're trying to make it as easy to use and as secure as possible, but would you consider allowing users of the library to provide their own key? Since the encryption is really more of an obfuscation (anyone can decompile the app and generate the same key), it wouldn't be a problem for me to have less security, but 100x faster startup time :)

Also here's some discussion about the slowness: http://stackoverflow.com/questions/24652602/pbkdf2withhmacsha1-key-generation-takes-too-long-on-android

Hi, last release of library crash on HUAWEI G630 U10 with Android 4.3.

Caused by java.lang.SecurityException com.tozny.crypto.android.AesCbcWithIntegrity$PrngFixes.installLinuxPRNGSecureRandom (AesCbcWithIntegrity.java:764) com.tozny.crypto.android.AesCbcWithIntegrity$PrngFixes.apply (AesCbcWithIntegrity.java:684) com.tozny.crypto.android.AesCbcWithIntegrity.fixPrng (AesCbcWithIntegrity.java:347) com.tozny.crypto.android.AesCbcWithIntegrity.generateKeyFromPassword (AesCbcWithIntegrity.java:184) com.tozny.crypto.android.AesCbcWithIntegrity.generateKeyFromPassword (AesCbcWithIntegrity.java:234) com.tozny.crypto.android.AesCbcWithIntegrity.generateKeyFromPassword (AesCbcWithIntegrity.java:219) com.securepreferences.SecurePreferences. (SecurePreferences.java:145) com.securepreferences.SecurePreferences. (SecurePreferences.java:92)

I have updated the library to 0.1.4 and now, when I access to any secure preference it returns null and the app closes with a NullException.

Is there something that I need to do after the update? Thanks!

The default shared preferences that comes with Android accept a flag called MODE_MULTI_PROCESS which makes the shared preferences thread-safe.

Here is the quote to the official documentation:

SharedPreference loading flag: when set, the file on disk will be checked for modification even if the shared preferences instance is already loaded in this process. This behaviour is sometimes desired in cases where the application has multiple processes, all writing to the same SharedPreferences file. Generally there are better forms of communication between processes, though.

This was the legacy (but undocumented) behaviour in and before Gingerbread (Android 2.3) and this flag is implied when targetting such releases. For applications targetting SDK versions greater than Android 2.3, this flag must be explicitly set if desired.

http://developer.android.com/reference/android/content/Context.html#MODE_MULTI_PROCESS

I am using secure-preferences to encrypt my local preferences. However, when using Robolectric to run unit tests, the preferences are not correctly filled in, and when trying to check if the key is contained in the file, it is always empty.

My app code for the shared prefs:

public class AppSharedPrefs {
    private ApplicationSharedPreferences(Context context) {
        sSharedPreferences = new SecurePreferences(context, context.getSharedPreferences(PREFS_NAME, Context.MODE_PRIVATE));
        sEditor = sSharedPreferences.edit();
        mContext = context;

        clearSharedPreferences();

    }

    public static ApplicationSharedPreferences getInstance(Context context) {
        if (instance == null) {
            instance = new ApplicationSharedPreferences(context);
        }
        return instance;
    }

    ... then all getter and setter ...
}

Then, my test code:

@RunWith(TestRunner.class)
public class CustomerAPITest extends GlobalTestCase {

    @Test
    public void handleActionTest() throws JSONException {
        final String VALUE = "1";

        AppSharedPreferences asp = AppSharedPreferences.getInstance(getTestContext());
        asp.setMyValue(VALUE);

        new CustomerAPI().handleAction();
        ....
    }
}

and my function in "handleAction()" will read VALUE, with:

AppSharedPreferences asp = AppSharedPreferences.getInstance(context);
asp.getMyValue(VALUE); // always null

but is always null, shared preferences always empty. If I remove SecurePreferences and use standard Android prefs, everything works.

Any clue how to solve this and if it is a problem of the library?

08-02 05:00:41.356 1533-1533/erparchitector.findwork.app.android E/AndroidRuntime﹕ FATAL EXCEPTION: main java.lang.SecurityException: new SecureRandom() backed by wrong Provider: class com.tozny.crypto.android.AesCbcWithIntegrity$PrngFixes$LinuxPRNGSecureRandomProvider at com.tozny.crypto.android.AesCbcWithIntegrity$PrngFixes.installLinuxPRNGSecureRandom(Unknown Source) at com.tozny.crypto.android.AesCbcWithIntegrity$PrngFixes.apply(Unknown Source) at com.tozny.crypto.android.AesCbcWithIntegrity.fixPrng(Unknown Source) at com.tozny.crypto.android.AesCbcWithIntegrity.generateKeyFromPassword(Unknown Source) at com.tozny.crypto.android.AesCbcWithIntegrity.generateKeyFromPassword(Unknown Source) at com.securepreferences.SecurePreferences.generateAesKeyName(Unknown Source) at com.securepreferences.SecurePreferences.(Unknown Source) at com.securepreferences.SecurePreferences.(Unknown Source) at com.securepreferences.SecurePreferences.(Unknown Source) at erparchitector.findwork.app.android.utils.Preferences.(Unknown Source) at erparchitector.findwork.app.android.network.Session.getInstance(Unknown Source) at erparchitector.findwork.app.android.App.getSession(Unknown Source) at erparchitector.findwork.app.android.gui.ProfileContainer.onCreate(Unknown Source) at android.support.v4.app.Fragment.performCreate(Unknown Source) at android.support.v4.app.FragmentManagerImpl.moveToState(Unknown Source) at android.support.v4.app.FragmentManagerImpl.moveToState(Unknown Source) at android.support.v4.app.BackStackRecord.run(Unknown Source) at android.support.v4.app.FragmentManagerImpl.execPendingActions(Unknown Source) at android.support.v4.app.FragmentManagerImpl$1.run(Unknown Source) at android.os.Handler.handleCallback(Handler.java:725) at android.os.Handler.dispatchMessage(Handler.java:92) at android.os.Looper.loop(Looper.java:137) at android.app.ActivityThread.main(ActivityThread.java:5041) at java.lang.reflect.Method.invokeNative(Native Method) at java.lang.reflect.Method.invoke(Method.java:511) at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:793) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:560) at dalvik.system.NativeStart.main(Native Method)

After proguard obfuscation :(

Hello, ever since I upgraded to 0.0.1 from 0.0.4, my app has experienced tremendous slowdown. I mean like 10x slower! Any ideas what the issue could be here?

Thanks, Igor

I am working on a Android application that i want to release to be available for customers from both USA and Romania. Does this library require a special license for using strong encryption? The reason why i ask this is because some other libraries like SQLCIpher for Android require special license for this ( according to this blog http://www.informit.com/articles/article.aspx?p=2268753&seqNum=3 )

I was wondering if this is the case for this too. Please let me know. Thank you very much.

Hi I am trying to write unit tests, one of which requires an instance of SecurePreferences. So I am passing a context like this: mContext = Mockito.mock(Context.class); securePreferences = new SecurePreferences(mContext);

However, the context isn't mocked, and as a result I cannot use SecurePrefs in testing. Do you have any ideas about this?

Hi Scott,

I was using your library with this configuration in Graddle.

compile 'com.scottyab:aes-crypto:0.0.2-SNAPSHOT' compile('com.scottyab:secure-preferences-lib:0.1.0') { provided 'com.scottyab:aes-crypto:0.0.2-SNAPSHOT' }

It was working fine until last week. I got an error that aes-crypto:002-SNAPSHOT cannot be found.

Could you please check this.

Kind regards,

G

Fatal Exception: java.lang.SecurityException: Could not decrypt key. decryption failed at b.r.a.a.a(EncryptedSharedPreferences.java:22) at b.r.a.a.getAll(EncryptedSharedPreferences.java:4) at b.r.a.a$b.commit(EncryptedSharedPreferences.java:2) at android.os.Handler.handleCallback(Handler.java:751) at android.os.Handler.dispatchMessage(Handler.java:95) at android.os.Looper.loop(Looper.java:154) at android.app.ActivityThread.main(ActivityThread.java:6816) at java.lang.reflect.Method.invoke(Method.java) at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1565) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1453)

Demo project - MainActivity: @DebugLog public void onGetButtonClick(View v) { final String value = getSharedPref().getString(MainActivity.KEY, null); toast(MainActivity.KEY + "'s, value= " + value); } @DebugLog public void onSetButtonClick(View v) { getSharedPref().edit().clear().commit();// Add this line getSharedPref().edit().putString(MainActivity.KEY, MainActivity.VALUE) .commit(); toast(MainActivity.KEY + " with enc value:" + MainActivity.VALUE + ". Saved"); } Then Kill app and relaunch, Click 'GET FOO' value =null. value should be 'Bar'.

After thinking what is the root cause for a gradle build to fail. I suddenly remember your user name scottyab as I look to the error log and I believe that this is related to some of your repo.

ERROR: Unable to resolve dependency for ':app@debug/compileClasspath': Failed to transform artifact 'aes-crypto.aar (com.scottyab:aes-crypto:0.0.5)' to match attributes {artifactType=jar}.

Hi,

We are seeing a warning on our production app on google play console. The warning states:

Security alert Your app contains unsafe cryptographic encryption patterns. Please see this Google Help Center article for details. Vulnerable classes: com.xxx.xxx.android.AesCbcWithIntegrity Affects APK version 10819.

The article the warning is referring to https://support.google.com/faqs/answer/9450925

Remediation for Unsafe Cryptographic Encryption - Google HelpThis information is intended for developers with app(s) that contain unsafe cryptographic encryption patterns. That is, a ciphertext is generated with a statically computed secret key, salt, or initiasupport.google.com

Can someone help me to resolve this Security alert warning?

I upgraded my device to Android Q and now I am not able to retrieve the data stored in the SecurePreferences. Android Q release mode is around the corner and now it will be a disaster for my users if they are not able to see their data which is empty.

Please tell me if there is any way to tackle this bug.