# 07. Encrypted SharedPreferences & DataStore Audit

meta:
  id: android-production-07
  feature: android-production
  priority: P1
  depends_on: []
  tags: [security, data-protection, production]

objective:
  - Audit and secure all local data storage: sensitive values in EncryptedSharedPreferences, non-sensitive preferences in DataStore

deliverables:
  - EncryptedSharedPreferences wrapper for sensitive data
  - DataStore for non-sensitive preferences
  - Secure data deletion (logout and account deletion)
  - Storage audit report

steps:
  1. Audit current storage:
     - Review all SharedPreferences usage
     - Review DataStore usage
     - Review CacheManager.kt
     - Identify every piece of sensitive data stored locally (tokens, credentials, PII, biometric opt-in) and where it lands on disk
  2. Implement encrypted preferences:
     - Use EncryptedSharedPreferences from androidx.security (security-crypto); pin the version and check the artifact's current deprecation status before adopting, as Google has marked it deprecated upstream
     - Store auth tokens and refresh tokens
     - Store the biometric preference
     - Store user profile data that counts as PII
  3. Configure DataStore:
     - Use DataStore for non-sensitive preferences only; DataStore files are plaintext on disk
     - Theme, language, notification settings
     - Migrate from SharedPreferences if needed (SharedPreferencesMigration)
  4. Secure CacheManager:
     - Ensure no sensitive data in the unencrypted cache directory
     - Encrypt cached API responses containing PII, or do not cache them at all
     - Set cache size limits
     - Implement secure eviction (evicted entries are deleted, not merely dereferenced)
  5. Add secure deletion:
     - Do not rely on overwriting bytes before removal: flash wear-levelling gives no guarantee the old blocks are replaced. Clear the entries, delete the file, and destroy the Keystore master key; ciphertext whose key is gone is unrecoverable even from a disk image
     - Clear all secure storage on logout
     - Handle account deletion (GDPR): remove every local artefact, including caches and DataStore files
  6. Add backup exclusion:
     - Exclude encrypted preferences and any other sensitive files from cloud backup and device-to-device transfer
     - android:allowBackup="false" on the <application> element disables backup for the whole app, not for individual files. To exclude specific files, declare exclude rules via android:fullBackupContent (API 23-30) and android:dataExtractionRules (API 31+), using the sharedpref domain for the encrypted preferences file
     - Document the backup strategy (what is backed up, what is excluded, and why)
  7. Test storage security:
     - Verify data is encrypted at rest
     - Verify no plaintext sensitive data in any file under the app's data and cache directories
     - Test backup/restore behaviour (restore on a second device must not carry tokens across)

tests:
  - Unit: Test encrypted storage read/write
  - Security: Verify no plaintext tokens in files (instrumented test, or adb shell run-as <package> on a debuggable build)
  - Integration: Test that logout clears all data

acceptance_criteria:
  - All sensitive data in EncryptedSharedPreferences
  - Auth tokens encrypted at rest
  - Refresh tokens encrypted at rest
  - Non-sensitive preferences in DataStore
  - No sensitive data in the unencrypted cache
  - Secure deletion: entries cleared, files deleted, master key destroyed
  - Sensitive storage excluded from backup
  - Logout clears all auth data
  - Account deletion removes all local data
  - No plaintext sensitive data discoverable in app files

validation:
  - Inspect app files → no plaintext tokens
  - Inspect shared_prefs/<file>.xml → keys and values are base64 ciphertext; the embedded Tink keysets are wrapped by the Keystore master key
  - Logout → all auth data cleared and the master key alias is gone from AndroidKeyStore
  - Backup app → sensitive data not included
  - Account deletion → all data removed

notes:
  - EncryptedSharedPreferences is built on Tink: preference keys are encrypted with AES256-SIV (deterministic, so entries can be looked up), values with AES256-GCM (authenticated)
  - The master key is generated in and never leaves the Android Keystore; it is hardware-backed where the device supports it
  - DataStore (Preferences or Proto) is the modern replacement for SharedPreferences, but it is not encrypted and so is for non-sensitive settings only
  - Consider SQLCipher for database encryption if using Room, or encrypt the individual sensitive columns
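Worked example added here to tie steps 2, 3, 5 and 7 together; it is illustrative code written for this page, not code from the app or the Jetpack libraries. It assumes androidx.security:security-crypto 1.1.x, androidx.datastore:datastore-preferences, and minSdk 24 (for `Context.dataDir` and `deleteSharedPreferences`). The file and alias names (`secure_vault`, `secure_vault_master`) and the package are hypothetical.

```kotlin
import android.content.Context
import android.content.SharedPreferences
import androidx.datastore.core.DataStore
import androidx.datastore.preferences.core.Preferences
import androidx.datastore.preferences.core.edit
import androidx.datastore.preferences.core.stringPreferencesKey
import androidx.datastore.preferences.preferencesDataStore
import androidx.security.crypto.EncryptedSharedPreferences
import androidx.security.crypto.MasterKey
import kotlinx.coroutines.flow.Flow
import kotlinx.coroutines.flow.map
import java.security.KeyStore

// Non-sensitive settings: a plaintext DataStore file (datastore/settings.preferences_pb).
// Nothing secret may be written here because DataStore does not encrypt.
val Context.settingsStore: DataStore<Preferences> by preferencesDataStore(name = "settings")
private val THEME_KEY = stringPreferencesKey("theme")

suspend fun Context.setTheme(theme: String) { settingsStore.edit { it[THEME_KEY] = theme } }
val Context.themeFlow: Flow<String> get() = settingsStore.data.map { it[THEME_KEY] ?: "system" }

/** Sensitive data behind EncryptedSharedPreferences with its own Keystore master key (hypothetical names). */
class SecureVault(private val context: Context) {
    private companion object {
        const val PREFS_FILE = "secure_vault"        // on disk: shared_prefs/secure_vault.xml
        const val KEY_ALIAS = "secure_vault_master"  // dedicated alias so wipe() cannot affect other encrypted files
        const val ACCESS_TOKEN = "access_token"
        const val REFRESH_TOKEN = "refresh_token"
        const val BIOMETRIC_ENABLED = "biometric_enabled"
    }

    @Volatile private var cached: SharedPreferences? = null

    // AES-256-GCM master key generated inside AndroidKeyStore; it wraps the Tink keysets stored in the prefs file.
    private fun masterKey(): MasterKey =
        MasterKey.Builder(context, KEY_ALIAS).setKeyScheme(MasterKey.KeyScheme.AES256_GCM).build()

    private fun prefs(): SharedPreferences = cached ?: synchronized(this) {
        cached ?: EncryptedSharedPreferences.create(
            context, PREFS_FILE, masterKey(),
            EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,   // deterministic: keys stay look-up-able
            EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM  // authenticated encryption for values
        ).also { cached = it }
    }

    // commit() rather than apply(): an auth interceptor reading right after login must see the write.
    fun saveTokens(access: String, refresh: String) {
        prefs().edit().putString(ACCESS_TOKEN, access).putString(REFRESH_TOKEN, refresh).commit()
    }
    fun accessToken(): String? = prefs().getString(ACCESS_TOKEN, null)
    fun refreshToken(): String? = prefs().getString(REFRESH_TOKEN, null)
    fun setBiometricEnabled(enabled: Boolean) { prefs().edit().putBoolean(BIOMETRIC_ENABLED, enabled).commit() }
    fun biometricEnabled(): Boolean = prefs().getBoolean(BIOMETRIC_ENABLED, false)

    /**
     * Logout / account deletion. Clear entries, delete the file, then destroy the master key.
     * With the key gone the wrapped keysets (and every value ever written) are unrecoverable,
     * which is the guarantee byte-overwriting cannot give on wear-levelled flash.
     */
    fun wipe() {
        prefs().edit().clear().commit()
        context.deleteSharedPreferences(PREFS_FILE)
        KeyStore.getInstance("AndroidKeyStore").apply { load(null) }.deleteEntry(KEY_ALIAS)
        cached = null  // next access builds a fresh key and an empty store
    }
}

/**
 * Step 7 check: scan every file under the app's private data and cache directories for the
 * raw UTF-8 bytes of a known secret. Returns the offending paths; an instrumented test asserts
 * the list is empty. External storage is out of scope and must be covered by the audit itself.
 */
fun findPlaintextLeaks(context: Context, secret: String): List<String> {
    val needle = secret.toByteArray(Charsets.UTF_8)
    return listOf(context.dataDir, context.cacheDir)   // cacheDir normally sits inside dataDir; listed anyway
        .flatMap { root -> root.walkTopDown().filter { it.isFile }.toList() }
        .distinctBy { it.canonicalPath }
        .filter { containsBytes(it.readBytes(), needle) }  // readBytes(): fine for app-private files, not huge caches
        .map { it.absolutePath }
}

private fun containsBytes(haystack: ByteArray, needle: ByteArray): Boolean {
    if (needle.isEmpty() || needle.size > haystack.size) return false
    outer@ for (i in 0..haystack.size - needle.size) {
        for (j in needle.indices) if (haystack[i + j] != needle[j]) continue@outer
        return true
    }
    return false
}
```

In an androidTest, write a constructed token such as `"tok-constructed-access"` through `saveTokens`, assert `findPlaintextLeaks(ctx, "tok-constructed-access")` is empty, call `wipe()`, and assert `accessToken()` is null afterwards. The matching backup exclusion for this layout is a `sharedpref` exclude rule for `secure_vault.xml` in the fullBackupContent and dataExtractionRules XML; the DataStore file may be backed up only if the audit confirms it holds nothing sensitive.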