81 lines
2.6 KiB
Markdown
# 07. Encrypted SharedPreferences & DataStore Audit
meta:
  id: android-production-07
  feature: android-production
  priority: P1
  depends_on: []
  tags: [security, data-protection, production]

objective:
  - Audit and secure all local data storage using EncryptedSharedPreferences (sensitive data) and DataStore (non-sensitive preferences)

deliverables:
  - EncryptedSharedPreferences for sensitive data
  - DataStore for non-sensitive preferences
  - Secure data deletion (logout and account deletion)
  - Storage audit report

steps:
  1. Audit current storage:
     - Review all SharedPreferences usage
     - Review DataStore usage
     - Review CacheManager.kt
     - Identify all sensitive data stored locally (tokens, session identifiers, PII, biometric settings) and record which file each item lands in
  2. Implement encrypted preferences:
     - Use EncryptedSharedPreferences from androidx.security.crypto (Google has marked this library deprecated; confirm its support status before adding a new dependency on it)
     - Store auth tokens, refresh tokens
     - Store biometric preference
     - Store user profile data (PII)
  3. Configure DataStore:
     - Use Preferences DataStore for non-sensitive preferences only; DataStore has no built-in encryption
     - Theme, language, notification settings
     - Migrate from SharedPreferences if needed, pointing SharedPreferencesMigration only at the legacy non-sensitive file, never at the encrypted one
  4. Secure CacheManager:
     - Ensure no sensitive data in unencrypted cache
     - Encrypt cached API responses containing PII (e.g. with EncryptedFile from the same library), or do not cache them at all
     - Set cache size limits
     - Implement eviction that deletes evicted entries from disk rather than only dropping them from the in-memory index
  5. Add secure deletion:
     - Do not rely on overwriting bytes before removal: on flash storage with wear levelling and a journaling file system an overwrite does not reliably hit the old blocks. Clear the entries and delete the file; for account deletion also destroy the Keystore master key so any leftover ciphertext is undecryptable (crypto-shredding)
     - Clear all secure storage on logout, using a synchronous commit() before navigating away
     - Handle account deletion (GDPR): secure prefs, DataStore, cache and database contents, plus the master key
  6. Add backup exclusion:
     - Exclude encrypted preferences from cloud backup: the ciphertext is useless without the device-bound Keystore key, and a copy restored onto another device cannot be decrypted and can make EncryptedSharedPreferences.create() throw on first launch
     - android:allowBackup is an application-level manifest attribute, not a per-file flag; exclude individual files with an <exclude> rule in android:dataExtractionRules (API 31+) and android:fullBackupContent (API 30 and below) that names the shared_prefs file
     - Document backup strategy
  7. Test storage security:
     - Verify data encrypted at rest: on a debuggable build, read /data/data/<package>/shared_prefs/<file>.xml via adb shell run-as and confirm key names and values are base64 ciphertext
     - Verify no plaintext sensitive data in files (shared_prefs, files, cache and databases directories)
     - Test backup/restore behavior (for example adb shell bmgr backupnow <package> with the local transport on a debuggable build) and confirm the excluded files are absent from the backup
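One way to implement steps 2, 3 and 5 in Kotlin, as an added example rather than code from this project: a store for sensitive values on top of EncryptedSharedPreferences with logout clearing and crypto-shredding, and a Preferences DataStore for non-sensitive settings with a migration from a legacy file. The class names (SecureTokenStore, SettingsStore), file names (secure_prefs, settings, legacy_settings), the Keystore alias secure_prefs_master and the dependency on androidx.security:security-crypto and androidx.datastore:datastore-preferences are assumptions, not names from the project.

```kotlin
// Added example, not this project's code. Assumed names: SecureTokenStore,
// SettingsStore, file names "secure_prefs" / "settings" / "legacy_settings",
// alias "secure_prefs_master". Assumed dependencies: androidx.security:security-crypto
// and androidx.datastore:datastore-preferences.
package com.example.storage

import android.content.Context
import android.content.SharedPreferences
import androidx.datastore.core.DataStore
import androidx.datastore.preferences.SharedPreferencesMigration
import androidx.datastore.preferences.core.Preferences
import androidx.datastore.preferences.core.edit
import androidx.datastore.preferences.core.stringPreferencesKey
import androidx.datastore.preferences.preferencesDataStore
import androidx.security.crypto.EncryptedSharedPreferences
import androidx.security.crypto.MasterKey
import kotlinx.coroutines.flow.Flow
import kotlinx.coroutines.flow.map
import java.security.KeyStore

/** Sensitive data only: tokens, biometric opt-in, profile. Everything here is encrypted at rest. */
class SecureTokenStore(context: Context) {
    private val appContext = context.applicationContext

    // create() talks to the Keystore and is slow: build it once per process
    // (hand this object out as a singleton from the DI graph).
    private val prefs: SharedPreferences by lazy {
        val masterKey = MasterKey.Builder(appContext, MASTER_KEY_ALIAS)
            .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
            .build()
        EncryptedSharedPreferences.create(
            appContext,
            PREFS_FILE,
            masterKey,
            EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV, // deterministic, so keys stay look-up-able
            EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
        )
    }

    /** commit() is synchronous: the caller knows the tokens are persisted before it continues. */
    fun saveSession(accessToken: String, refreshToken: String): Boolean =
        prefs.edit().putString(KEY_ACCESS, accessToken).putString(KEY_REFRESH, refreshToken).commit()

    fun accessToken(): String? = prefs.getString(KEY_ACCESS, null)
    fun refreshToken(): String? = prefs.getString(KEY_REFRESH, null)

    fun setBiometricEnabled(enabled: Boolean) = prefs.edit().putBoolean(KEY_BIOMETRIC, enabled).apply()
    fun biometricEnabled(): Boolean = prefs.getBoolean(KEY_BIOMETRIC, false)

    /** Logout: drop every entry synchronously before navigating to the login screen. */
    fun clearOnLogout(): Boolean = prefs.edit().clear().commit()

    /**
     * Account deletion: crypto-shred instead of overwrite. The prefs file also holds
     * the wrapped Tink keysets, so deleting it plus the Keystore master key that wrapped
     * them leaves any surviving ciphertext undecryptable. Discard this instance afterwards;
     * a new SecureTokenStore generates a fresh master key and keysets on next use.
     * A dedicated alias is used so no other EncryptedSharedPreferences/EncryptedFile is affected.
     */
    fun shredOnAccountDeletion() {
        prefs.edit().clear().commit()
        appContext.deleteSharedPreferences(PREFS_FILE)                 // API 24+
        KeyStore.getInstance("AndroidKeyStore").apply { load(null) }.deleteEntry(MASTER_KEY_ALIAS)
    }

    private companion object {
        const val PREFS_FILE = "secure_prefs"
        const val MASTER_KEY_ALIAS = "secure_prefs_master"
        const val KEY_ACCESS = "access_token"
        const val KEY_REFRESH = "refresh_token"
        const val KEY_BIOMETRIC = "biometric_enabled"
    }
}

/**
 * Non-sensitive settings only: DataStore does not encrypt. The one-time migration
 * names only the legacy plain-text settings file; never list the encrypted prefs file
 * here, or its raw on-disk entries would be copied into an unencrypted store.
 */
private val Context.settingsDataStore: DataStore<Preferences> by preferencesDataStore(
    name = "settings",
    produceMigrations = { ctx -> listOf(SharedPreferencesMigration(ctx, "legacy_settings")) }
)

class SettingsStore(context: Context) {
    private val appContext = context.applicationContext

    val theme: Flow<String> = appContext.settingsDataStore.data.map { it[THEME] ?: "system" }

    suspend fun setTheme(value: String) {
        appContext.settingsDataStore.edit { it[THEME] = value }
    }

    private companion object {
        val THEME = stringPreferencesKey("theme")
    }
}
```

Two design points worth keeping in the audit report: the prefs instance is built lazily and held once, because every EncryptedSharedPreferences.create() round-trips through the Keystore; and logout uses commit() rather than apply() so the clear has reached disk before the app shows a screen that assumes the user is signed out.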

tests:
  - Unit: Test encrypted storage read/write (round-trip through the store API)
  - Security: Instrumented test that writes a known token, reads the raw shared_prefs XML and asserts neither the key name nor the value appears in plaintext
  - Integration: Test logout clears all data (tokens read back as null, nothing left in the raw file)
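The security and integration tests above, written as an instrumented test in Kotlin. This is an added example, not test code from the project; it assumes the androidx.test runner in the androidTest source set, a debuggable build so the raw XML is readable by the app's own uid, and uses a test-only prefs file name (secure_prefs_test) and a constructed token value.

```kotlin
// Added example, not this project's test code. Assumes androidx.test (androidTest
// source set) and a debuggable build. File name and token value are constructed.
package com.example.storage

import androidx.security.crypto.EncryptedSharedPreferences
import androidx.security.crypto.MasterKey
import androidx.test.ext.junit.runners.AndroidJUnit4
import androidx.test.platform.app.InstrumentationRegistry
import org.junit.After
import org.junit.Assert.assertEquals
import org.junit.Assert.assertFalse
import org.junit.Assert.assertNull
import org.junit.Assert.assertTrue
import org.junit.Test
import org.junit.runner.RunWith
import java.io.File

@RunWith(AndroidJUnit4::class)
class SecureStorageAtRestTest {
    private val context = InstrumentationRegistry.getInstrumentation().targetContext
    private val fileName = "secure_prefs_test"                  // assumed, test-only file
    private val token = "CONSTRUCTED-TOKEN-0123456789abcdef"    // constructed sample value

    private fun openPrefs() = EncryptedSharedPreferences.create(
        context, fileName,
        MasterKey.Builder(context).setKeyScheme(MasterKey.KeyScheme.AES256_GCM).build(),
        EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
        EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
    )

    // The XML as it sits on disk: what a backup, a rooted device or a run-as shell exposes.
    private fun rawFile() = File(context.applicationInfo.dataDir, "shared_prefs/$fileName.xml")

    @After
    fun cleanUp() {
        context.deleteSharedPreferences(fileName)
    }

    @Test
    fun tokenIsNotStoredInPlaintext() {
        val prefs = openPrefs()
        assertTrue(prefs.edit().putString("access_token", token).commit())

        val onDisk = rawFile().readText()
        assertFalse("token value leaked to disk", onDisk.contains(token))
        assertFalse("pref key name leaked to disk", onDisk.contains("access_token"))
        // Sanity check: the file holds encrypted entries, it is not simply empty.
        assertTrue(onDisk.contains("<string name="))
        // The API still round-trips the value, so encryption is transparent to callers.
        assertEquals(token, prefs.getString("access_token", null))
    }

    @Test
    fun logoutClearsAuthData() {
        val prefs = openPrefs()
        prefs.edit().putString("access_token", token).putString("refresh_token", token).commit()

        assertTrue(prefs.edit().clear().commit())
        assertNull(prefs.getString("access_token", null))
        assertNull(prefs.getString("refresh_token", null))
        assertFalse(rawFile().readText().contains(token))
    }
}
```

Reading the file through java.io rather than through SharedPreferences is the point of the test: the API always returns plaintext, so only the raw bytes tell you whether the encryption scheme is actually in effect.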

acceptance_criteria:
  - All sensitive data in EncryptedSharedPreferences
  - Auth tokens encrypted at rest
  - Refresh tokens encrypted at rest
  - Non-sensitive preferences in DataStore
  - No sensitive data in unencrypted cache
  - Secure deletion: entries cleared and file removed, master key destroyed on account deletion (no reliance on in-place overwrite)
  - Sensitive storage excluded from backup
  - Logout clears all auth data
  - Account deletion removes all local data
  - No plaintext sensitive data discoverable in app files

validation:
  - Inspect app files → no plaintext tokens
  - Check EncryptedSharedPreferences → data encrypted (key names and values are base64 ciphertext in the XML)
  - Logout → all auth data cleared
  - Backup app → sensitive data not included
  - Account deletion → all data removed and master key gone from the Keystore

notes:
  - EncryptedSharedPreferences uses AES-256 via Tink: AES256-SIV for key names (deterministic, so lookups by key still work) and AES256-GCM for values
  - Master key stored in Android Keystore; the per-file Tink keysets are wrapped with it and stored in the same shared_prefs file as the data, so deleting the file removes the keysets too
  - DataStore is the modern replacement for SharedPreferences but does not encrypt, which is why it is limited to non-sensitive settings here
  - Consider using SQLCipher for database encryption if using Room