Security

Safely manage keys and encrypt files and sharedpreferences.

This table lists all the artifacts in the androidx.security group.

Artifact Stable Release Release Candidate Beta Release Alpha Release
security-crypto 1.0.0 - - 1.1.0-alpha06
security-app-authenticator - - 1.0.0-beta01 -
security-identity-credential - - - 1.0.0-alpha03
This library was last updated on: March 6, 2024

Declaring dependencies

To add a dependency on Security, you must add the Google Maven repository to your project. Read Google's Maven repository for more information.

Add the dependencies for the artifacts you need in the build.gradle file for your app or module:

For more information about dependencies, see Add build dependencies.

Feedback

Your feedback helps make Jetpack better. Let us know if you discover new issues or have ideas for improving this library. Please take a look at the existing issues in this library before you create a new one. You can add your vote to an existing issue by clicking the star button.

Create a new issue

See the Issue Tracker documentation for more information.

Security-App-Authenticator-Testing Version 1.0

Version 1.0.0-beta01

March 6, 2024

androidx.security:security-app-authenticator:1.0.0-beta01 and androidx.security:security-app-authenticator-testing:1.0.0-beta01 are released. Version 1.0.0-beta01 contains these commits.

Version 1.0.0-alpha02

December 13, 2023

androidx.security:security-app-authenticator-testing:1.0.0-alpha02 is released. Version 1.0.0-alpha02 contains these commits.

Bug Fixes

  • Updated test for new API behavior that no longer assumes Binder#getCalling[Uid|Pid] when not provided to the [check|enforce]CallingAppIdentity APIs. (I1851b)

Version 1.0.0-alpha01

June 2, 2021

androidx.security:security-app-authenticator-testing:1.0.0-alpha01 is released. Version 1.0.0-alpha01 contains these commits.

New Features

This testing library provides a builder that can be used to configure an injectable AppAuthenticator to meet the requirements of the test. This library supports several methods to configure the AppAuthenticator:

  • A generic test policy can be specified that reports a signature match for all packages declared in the configuration.
  • Individual packages can be specified to return a signature match with all other packages reporting no match.
  • Explicit signing identities can be set for each package; the resulting AppAuthenticator will then only report a signature match if the provided identity matches the declaration in the configuration file.
  • Packages can also be treated as not installed or having an explicit uid.

Security-App-Authenticator Version 1.0.0

Version 1.0.0-alpha03

December 13, 2023

androidx.security:security-app-authenticator:1.0.0-alpha03 is released. Version 1.0.0-alpha03 contains these commits.

API Changes

  • Added support for use cases where the UID / PID of the package to be verified is not available; the APIs now support cases such as startActivityForResult and activities / receivers where the calling app's identity is shared via [Activity|Broadcast]Options#setShareIdentityEnabled.
  • The behavior of [check|enforce]CallingAppIdentity(String, String) has been updated to support these new use cases; these methods will no longer default to using Binder#getCalling[Uid|Pid] but will instead skip verification of the calling package's UID if it is not explicitly provided. (I1851b)

Version 1.0.0-alpha02

June 2, 2021

androidx.security:security-app-authenticator:1.0.0-alpha02 is released. Version 1.0.0-alpha02 contains these commits.

API Changes

  • In preparation to support the new knownSigner permission protection flag introduced in Android 12, the digestAlgorithm attribute can no longer be specified in the configuration; instead all certificate digests should be computed using SHA-256.

Bug Fixes

  • All certificate digests provided in the configuration are now normalized to ensure a successful signature match can be reported both when the digest is computed at runtime as well as when an explicit signing identity is defined when using the testing library.

Version 1.0.0-alpha01

May 5, 2021

androidx.security:security-app-authenticator:1.0.0-alpha01 is released. Version 1.0.0-alpha01 contains these commits.

New Features

AppAuthenticator is a new library aimed at simplifying verification of app trust based on signing identity. An app just needs to specify an XML configuration file containing the package names and signing identities of trusted apps, and the library will take care of verifying the signing identity of apps at runtime.

Version 1.1.0

Version 1.1.0-alpha06

April 19, 2023

androidx.security:security-crypto:1.1.0-alpha06 and androidx.security:security-crypto-ktx:1.1.0-alpha06 are released. Version 1.1.0-alpha06 contains these commits.

New Features

  • Updated Tink dependency to 1.8.0

Version 1.1.0-alpha05

February 22, 2023

androidx.security:security-crypto:1.1.0-alpha05 and androidx.security:security-crypto-ktx:1.1.0-alpha05 are released. Version 1.1.0-alpha05 contains these commits.

Bug Fixes

Version 1.1.0-alpha04

November 9, 2022

androidx.security:security-crypto:1.1.0-alpha04 and androidx.security:security-crypto-ktx:1.1.0-alpha04 are released. Version 1.1.0-alpha04 contains these commits.

New Features

  • Removed log message “keyset not found, will generate a new one” on first app launch. (b/185219606)
  • Upgraded Tink dependency to version 1.7.0.

API Changes

  • Changes EncryptedFile#openFileInput() to throw a FileNotFoundException, rather than a generic IOException when the requested file doesn't exist. (I80e41, b/148804719)
  • Updated 'MasterKeys' class to require Android M rather than each of its methods. (I8b4b8)
  • Changes all preference getters on EncryptedSharedPreferences (ex #getString, #getInt) to throw SecurityException in rare circumstances where the type of a value can not be matched with one of the defined enum variants. (b/241699427)

Bug Fixes

  • Synchronized security-crypto-ktx library’s minimum SDK version with security-crypto by lowering it to v21 (b/193550375)
  • Fixed concurrency bug when building multiple EncryptedFiles (b/136590547)

External Contribution

Security-Crypto-Ktx Version 1.1.0-alpha03

May 18, 2021

androidx.security:security-crypto-ktx:1.1.0-alpha03 is released. Version 1.1.0-alpha03 contains these commits.

Updated to match androidx.security:security-crypto:1.1.0-alpha03.

Version 1.1.0-alpha03

December 2, 2020

androidx.security:security-crypto:1.1.0-alpha03 is released. Version 1.1.0-alpha03 contains these commits.

New Features

  • Updated Tink to stable release 1.5.0

Version 1.1.0-alpha02

August 5, 2020

androidx.security:security-crypto:1.1.0-alpha02 and androidx.security:security-crypto-ktx:1.1.0-alpha02 are released. Version 1.1.0-alpha02 contains these commits.

New Features

  • Updated Tink to stable release 1.4.0

Bug Fixes

  • Tink update should fix R8 and Proguard issues with shaded Protobuf dependency.
  • Tink update should gracefully handle AndroidKeyStore concurrency failures.

External Contribution

  • clear mKeysChanged on apply, fix for EncryptedSharedPreferences (aosp/1323026)

Version 1.1.0-alpha01

June 10, 2020

androidx.security:security-crypto:1.1.0-alpha01 is released. Version 1.1.0-alpha01 contains these commits.

New Features

  • Lollipop (API Level 21+) is now supported. Please note that the AndroidKeyStore is not used for API 21 and 22. (I7c12d, b/132325342)
  • New MasterKey class provides more options for keys, also deprecating MasterKeys to support new features and versions of Android that do not have KeyGenParamSpec.

Security-Identity-Credential Version 1.0.0

Version 1.0.0-alpha03

September 1, 2021

androidx.security:security-identity-credential:1.0.0-alpha03 is released. Version 1.0.0-alpha03 contains these commits.

New Features

  • Added support for hardware-backed Identity Credential features in Android 12.

Version 1.0.0-alpha02

February 24, 2021

androidx.security:security-identity-credential:1.0.0-alpha02 is released. Version 1.0.0-alpha02 contains these commits.

Bug Fixes

  • Update Identity Credential API to match Android 12 plans (Iff83e)

Version 1.0.0-alpha01

August 19, 2020

androidx.security:security-identity-credential:1.0.0-alpha01 is released. Version 1.0.0-alpha01 contains these commits.

New Features

This Jetpack release features a Jetpack version of the Identity Credential APIs which was added to Android 11 and API level 30. If running on Android 11 and the device has hardware-backed Identity Credential support then this Jetpack simply forwards calls to the platform API. Otherwise, an Android Keystore-backed implementation will be used. While the Android Keystore-backed implementation does not provide the same level of security and privacy it is perfectly adequate for both holders and issuers in cases where all data is issuer-signed. This library requires API level 24 or later.

The Identity Credential APIs provide an interface to a secure store for user identity documents. These APIs are deliberately fairly general and abstract. To the extent possible, specification of the message formats and semantics of communication with credential verification devices and Issuing Authorities (IAs) is out of scope for these APIs. The data structures that the APIs do depend on are compatible with the data structures in the soon to be released ISO/IEC IS 18013-5 Personal identification — ISO-compliant driving licence — Part 5: Mobile driving licence (mDL) application standard.

API Changes

  • Added Identity Credential Jetpack. (Icf90b)

Version 1.0.0

Version 1.0.0

April 21, 2021

androidx.security:security-crypto:1.0.0 is released. Version 1.0.0 contains these commits.

Major features of 1.0.0

Feature highlights

  • EncryptedFile, provides encrypted input and output streams to read/write encrypted data to a File.
  • EncryptedSharedPreferences, provides an implementation of SharedPreferences that automatically encrypts/decrypts all keys and values.
  • Provides simple key generation via MasterKeys.
  • Relies on Tink 1.5.0 for increased stability.

Version 1.0.0-rc04

January 13, 2021

androidx.security:security-crypto:1.0.0-rc04 is released. Version 1.0.0-rc04 contains these commits.

Bug Fixes

  • Upgraded Tink to 1.5.0 for increased stability.

Version 1.0.0-rc03

August 5, 2020

androidx.security:security-crypto:1.0.0-rc03 is released. Version 1.0.0-rc03 contains these commits.

New Features

  • Updated Tink to stable release 1.4.0

Bug Fixes

  • Tink update should fix R8 and Proguard issues with shaded Protobuf dependency.
  • Tink update should gracefully handle AndroidKeyStore concurrency failures.

External Contribution

  • clear mKeysChanged on apply, fix for EncryptedSharedPreferences (aosp/1323026)

Version 1.0.0-rc02

May 20, 2020

androidx.security:security-crypto:1.0.0-rc02 is released. Version 1.0.0-rc02 contains these commits.

Bug Fixes

  • Updated to Tink version 1.4.0-rc2, which shades the proto buf lite dep. This solves the widely reported issue of clashing with other android sdks. (I8a831)
  • Fixed apply() in EncryptedSharedPreferences. (I29069, b/154366606)

Version 1.0.0-rc01

April 15, 2020

androidx.security:security-crypto:1.0.0-rc01 is released. Version 1.0.0-rc01 contains these commits.

Bug Fixes

  • Added checks to ensure that if a KeyGenParamSpec is passed in to MasterKeys.getOrCreate that if getUserAuthenticationRequired returns true that getUserAuthenticationValidityDurationSeconds returns a value >0. (I911f5) (b/152644939)

Version 1.0.0-beta01

March 18, 2020

androidx.security:security-crypto:1.0.0-beta01 is released with no changes since 1.0.0-alpha02. Version 1.0.0-beta01 contains these commits.

Version 1.0.0-alpha02

May 23, 2019

androidx.security:security-crypto:1.0.0-alpha02 is released. The commits included in this version can be found in this commit log.

Bug fixes

  • Fixed issue retrieving key/values associated with shared preferences from getAll().
  • Blocked usage of restricted preference keys.
  • Minor Javadoc updates.

Version 1.0.0-alpha01

May 7, 2019

androidx.security:security-crypto:1.0.0-alpha01 is released. The commits included in this version can be found here.

New feature highlights

  • EncryptedFile, provides encrypted input and output streams to read/write encrypted data to a File.
  • EncryptedSharedPreferences, provides an implementation of SharedPreferences that automatically encrypts/decrypts all keys and values.
  • Provides simple key generation via MasterKeys.