New-ish to Kotlin and building an app. I am wondering the best way to securely cache data? Any suggestions are appreciated. Thanks!
Asked
Active
Viewed 358 times
1 Answers
1
It depends on who you're worried about as the attacker. Other apps on the phone? No need to worry at all, unless you explicitly grant access other apps can't access your apps files, no need to even encrypt. Just write the data to a file(s). The user on a rooted device? Encryption won't even help here, because you'd need the key to be stored on the device as well, so the user could easily decrypt it. Backed up by drive- you have to turn autobackup off in the manifest, but that will stop that.
So decide the threat vectors you're worried about, and then we can give more specific advice.
Gabe Sechan
- 90,003
- 9
- 87
- 127
-
@Monica The only way to protect against rooted devices is not to keep the data on the device. If its on a device you don't control, and someone really wants it, they'll get to it. For example, you could encrypt it, and store the key on the server sending it down when needed. But the user could run a custom Android OS with compromised SSL libraries that can capture the key as its being sent from the server. The best way to secure data is not to give it to them. Beyond that, its a matter of how paranoid do you want to be, and how much time is that extra protection really worth. – Gabe Sechan Jul 13 '22 at 16:46