Securing Android’s DataStore

After the introduction of the Jetpack library, Android development has become a whole different world. These libraries follow development best practices, reduce boilerplate code, and make life easier for developers.

Data store It is a local storage solution and is one such library that overcomes the shortcomings of SharedPreferences.. Based on Kotlin coroutines FlowAPI.. It is asynchronous, provides event callbacks, and has a good error handling mechanism.

To keep this article in the forefront, I won’t explain how data stores work and how they differ from existing solutions. This article It helps to understand why developers prefer to use data stores.


Data store .preferences_pb Files in the app’s internal storage.

Currently, the data is stored in an unsecured way. Therefore, we do not recommend storing sensitive data in data stores.


Inspired by EncryptedSharedPreferencesWe decided to create a secure version of SharedPreferences, the DataStore encryption layer. Encrypt data Not only provide generics Solution for mold safety (This is a Preferences Data Store issue). So let’s get started right away.

Before we get started, let’s take a look at the overall data flow overview.

As shown in the flow diagram above, here are the steps to take to get what you need: encryption layer:

  1. Serialize String format from data
  2. encryption Data using any encryption technology (using AES)
  3. use Android key store system To store the encryption key
  4. shop Data encrypted as a Data Store string

The· Decryption The process follows the reverse flow.

Let’s dive

Examine each step in this process.

Serialization & Deserialize

Usually, plain text is encrypted into ciphertext. Therefore, we need a way to convert all the data we store to plain text. Serialization To rescue!

GSON And Kotlinx serialization Is two of the many serialization solutions available. We will use the latter because it is relatively new, compact and supports multi-platform.

To use Kotlinx serialization, Add the following dependency topp level gradle file.


for Serialization:


for Deserialize :

Json { encodeDefaults = true }.decodeFromString(serializedString)

(((encodeDefaults = = true Encodes the default value of Kotlin property)

Encryption and decryption

In this case, you can use any encryption technique.Use AES encryption in GCM mode without padding.

Save the encryption key to Android key store system.. Save your security key at the hardware level for added security. These keys are paired with public key aliases.

Discuss the whole Encryption / decryption The process is outside the scope of this article. So, for the sake of clarity, I created a security utility class with all the methods I needed.

Save to data store

To keep the process of storing data in the data store consistent, we have created two extension methods that help store and fetch secure data to and from the data store, respectively.

  • The secureEdit extension method serializes, encrypts, and stores the data in the DataStore.
  • The secureMap extension method fetches the encrypted data from the data store, decrypts it, and deserializes it into its respective data type.

By doing this, I hit two birds with one stone. Your data is now protected and type-safe. Let’s see what the stored data looks like.


Recently shipped in beta, the Data Store is a powerful library that leverages coroutines to overcome many of the shortcomings of other frameworks, but it is not protected at this time.

Google’s Android team is eager to come up with an embedded solution for data store security, but until then, we hope this workaround helps.This is my code For you to explore.

See you! Take care!

Android data store protection Originally published ProAndroidDev In medium, people continue the conversation by emphasizing and reacting to this story.


Leave a Reply

Your email address will not be published. Required fields are marked *