开发者

Obfuscate/Encrypt SharedPreferences file possible?

So, I'm interested in obfuscating the SharedPreferences xml file of my app, much like Android LVL does to obfuscate it's license cahce data. Would this be conceivable? Plenty of google-digging has yielded little results that might address my question. And I'm certainly 开发者_开发技巧no cryptologist.

What about other forms of encryption? My end goal isn't to try making the xml bulletproof, I just want to block out the lower 90% of people who would refrain from messing around with it if it's not in plain text.


Don't believe this is possible, not without major modifications (possibly write your own Preferences implementation), and I couldn't even begin to think about how you would persuade Android to load from your Preferences implementation.

The default SharedPreferences implementation isn't replaceable as far as I can tell: if you need to encrypt something do what LVL does and either encrypt the value you write to the SharedPreferences XML, or create your own entirely encrypted file and manage it on disk yourself.


How about obfuscating the keys and values stored in the preference-XML?

I made a wrapper for the shared preferences which encrypt both keys and values: https://github.com/sveinungkb/encrypted-userprefs


Can you not use a scheme to change the data in some mannner so as to render it incomprehensible to most people? I can suggest one way. First, use fixed size string so that it does not change length with the data being saved. Next, you can apply some simple function to swizzle the bytes and offset each byte. So the end result will still be a string but it will make it hard for someone normal to figure out what it is, though a person bent on cracking it can succeed.


I've created a SharedPreferences implementation using AES encryiption. The project is a maven module. If you need one, take a look. https://github.com/kovmarci86/android-secure-preferences


what you can do is.. wrap the sharedpreferences with your own method.. and avoid use your method name such as "Encrypt" "Decrypt" "String" etc.. because the proguard wont obfuscate the word..

here for example https://github.com/afiqiqmal/ConcealSharedPreference-Android

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜