DEV Community

AJITH KUMAR V

Android Encrypted Shared Preference access issue from new container

Hello Team,
We have seen an issue related to Android Encrypted Shared Preference access from a different container in Android.
Ours is a custom DPC application, which creates another profile and container in the Android application space. The data will be migrated from personal space to this container during the transition.
In our use case, we create an encrypted shared preference when the application is in the personal space and store some data in it. After the container is created, it migrates the application data from personal space to this new container.
As we know, an encrypted shared preference is backed by a master key. This master key is accessible, but while trying to get the encrypted shared preference using the master key, it throws an exception like the one below:
[android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:517),
javax.crypto.Cipher.doFinal(Cipher.java:1794),
com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm.decryptInternal(AndroidKeystoreAesGcm.java:118),
com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm.decrypt(AndroidKeystoreAesGcm.java:101),
com.google.crypto.tink.KeysetHandle.decrypt(KeysetHandle.java:919),
com.google.crypto.tink.KeysetHandle.readWithAssociatedData(KeysetHandle.java:804),
com.google.crypto.tink.KeysetHandle.read(KeysetHandle.java:785),
com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.readMasterkeyDecryptAndParseKeyset(AndroidKeysetManager.java:381),
com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.build(AndroidKeysetManager.java:297),
androidx.security.crypto.EncryptedSharedPreferences.create(EncryptedSharedPreferences.java:169),
androidx.security.crypto.EncryptedSharedPreferences.create(EncryptedSharedPreferences.java:130),

Kindly let us know whether this is a bug, a security limitation, or intended behaviour.

Thank you!
