{"id":15132713,"url":"https://github.com/scottyab/secure-preferences","last_synced_at":"2026-01-11T03:44:02.136Z","repository":{"id":9327771,"uuid":"11173028","full_name":"scottyab/secure-preferences","owner":"scottyab","description":"Android Shared preference wrapper than encrypts the values of Shared Preferences. It's not bullet proof security but rather a quick win for incrementally making your android app more secure.","archived":true,"fork":false,"pushed_at":"2020-06-22T13:31:28.000Z","size":3881,"stargazers_count":1532,"open_issues_count":39,"forks_count":235,"subscribers_count":44,"default_branch":"master","last_synced_at":"2025-05-21T10:39:54.549Z","etag":null,"topics":["android","obfuscated","secure-preferences","sharedpreferences"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/scottyab.png","metadata":{"files":{"readme":"README.md","changelog":"changes.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-07-04T09:51:54.000Z","updated_at":"2025-04-03T03:44:28.000Z","dependencies_parsed_at":"2022-08-26T04:12:19.961Z","dependency_job_id":null,"html_url":"https://github.com/scottyab/secure-preferences","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/scottyab/secure-preferences","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scottyab%2Fsecure-preferences","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scottyab%2Fsecure-preferences/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scottyab%2Fsecure-preferences/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scottyab%2Fsecure-preferences/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/scottyab","download_url":"https://codeload.github.com/scottyab/secure-preferences/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scottyab%2Fsecure-preferences/sbom","scorecard":{"id":805915,"data":{"date":"2025-08-11","repo":{"name":"github.com/scottyab/secure-preferences","commit":"f906a6d2810fd3986bf5c54420161b4a53da590f"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.5,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":3,"reason":"Found 7/19 approved changesets -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":9,"reason":"binaries present in source code","details":["Warn: binary detected: gradle/wrapper/gradle-wrapper.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"project is archived","details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.1.0 not signed: https://api.github.com/repos/scottyab/secure-preferences/releases/1155408","Warn: release artifact 0.4.0 not signed: https://api.github.com/repos/scottyab/secure-preferences/releases/1098716","Warn: release artifact v0.1.0 does not have provenance: https://api.github.com/repos/scottyab/secure-preferences/releases/1155408","Warn: release artifact 0.4.0 does not have provenance: https://api.github.com/repos/scottyab/secure-preferences/releases/1098716"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 20 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-23T11:45:36.684Z","repository_id":9327771,"created_at":"2025-08-23T11:45:36.685Z","updated_at":"2025-08-23T11:45:36.685Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":277450939,"owners_count":25819971,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-28T02:00:08.834Z","response_time":79,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","obfuscated","secure-preferences","sharedpreferences"],"created_at":"2024-09-26T04:22:33.051Z","updated_at":"2025-09-29T00:32:49.637Z","avatar_url":"https://github.com/scottyab.png","language":"Java","funding_links":[],"categories":["Libs","Security","Awesome Mobile Application Penetration Testing  ![awesome](https://awesome.re/badge.svg)"],"sub_categories":["\u003cA NAME=\"Utility\"\u003e\u003c/A\u003eUtility","Android Application Penetration Testing"],"readme":"Secure-preferences - Deprecated \n==================\n\n* Please use EncryptedSharedPreferences from [androidx.security](https://developer.android.com/jetpack/androidx/releases/security) in preferenced to secure-preference. (There are no active maintainers Secure-preferences) \n\nThis is Android Shared preference wrapper that encrypts the values of Shared Preferences using *AES 128*, *CBC*, and *PKCS5* padding with integrity checking in the form of a SHA 256 hash. Each key is stored as a one way SHA 256 hash. Both keys and values are base64 encoded before storing into prefs xml file. **By default the generated key is stored in the backing preferences file and so can be read and extracted by root user.** Recommend use the user password generated option as added in v0.1.0.\n\nThe sample app is available on [playstore](https://play.google.com/store/apps/details?id=com.securepreferences.sample)\n\n\u003cimg src=\"https://raw.github.com/scottyab/secure-preferences/master/docs/images/ss_frame_secure_pref.png\" height=\"400\" alt=\"Sample app Screenshot\" /\u003e\n \n\n## Release v0.1.0+\nThe **v0.1.0** release was a major refactor of the guts of secure prefs, which is *Not backwards compatible* yet with older 0.0.1 - 0.0.4 versions. So if you have an existing app using this don't upgrade. I'll be looking to add migration into a later release.\n\n[Full list of changes](changes.md)\n\n# Usage\n\n## Dependency\n\nMaven central is the preferred way:\n\nNote: v0.1.0 was dependent on snapshot of aes-crypto, this is only as I was waiting for the aes-crypto repo owner to upload to maven. I've sorted this for v0.1.1+ which is no longer dependent on Snapshot repo.\n\n```java\ndependencies {\n    implementation 'com.scottyab:secure-preferences-lib:0.1.7'\n}\n```\n\n### Download\nOr download the release .aar or clone this repo and add the library as a Android library project/module.\n\n### ProGuard config\n\nAs of v0.1.4 **no** specific `-keep` config is needed.\n\n### DexGuard\n\nThere is specific DexGuard config supplied with DexGuard 7+ located `\u003cdexgaurd root\u003e/samples/advanced/SecurePreferences`\n\n\n# Examples\nThis will use the default shared pref file\n\n```java\nSharedPreferences prefs = new SecurePreferences(context);     \n```\n\n## Custom pref file\nYou can define a separate file for encrypted preferences. \n\n```java\nSharedPreferences prefs = new SecurePreferences(context, null, \"my_custom_prefs.xml\");\n```\n\n\n## User password - (recommended)\nUsing a password that the user types in that isn't stored elsewhere in the app passed to the SecurePreferences constructor means the key is generated at runtime and *not* stored in the backing pref file.\n\n```java\nSharedPreferences prefs = new SecurePreferences(context, \"userpassword\", \"my_user_prefs.xml\");\n```\n\n## Changing Password\n\n```java\nSecurePreferences securePrefs = new SecurePreferences(context, \"userpassword\", \"my_user_prefs.xml\");\nsecurePrefs.handlePasswordChange(\"newPassword\", context);\n```\n\n\n# What does the data look like?\n\nSharedPreferences keys and values are stored as simple map in an XML file.  You could also use a rooted device and an app like [cheatdroid](https://play.google.com/store/apps/details?id=com.felixheller.sharedprefseditor\u0026hl=en_GB)\n\n## XML using Standard Android SharedPreferences\n\n\n```xml\n\u003cmap\u003e\n    \u003cint name=\"timeout\" value=\"500\" /\u003e\n    \u003cboolean name=\"is_logged_in\" value=\"true\" /\u003e\n\u003c/map\u003e\n```\n\n## XML with SecurePreferences\n\n\n```xml\n\u003cmap\u003e\n    \u003cstring name=\"TuwbBU0IrAyL9znGBJ87uEi7pW0FwYwX8SZiiKnD2VZ7\"\u003e\n        pD2UhS2K2MNjWm8KzpFrag==:MWm7NgaEhvaxAvA9wASUl0HUHCVBWkn3c2T1WoSAE/g=rroijgeWEGRDFSS/hg\n    \u003c/string\u003e\n    \u003cstring name=\"8lqCQqn73Uo84Rj\"\u003ek73tlfVNYsPshll19ztma7U\"\u003e\n        pD2UhS2K2MNjWm8KzpFrag==:MWm7NgaEhvaxAvA9wASUl0HUHCVBWkn3c2T1WoSAE/g=:jWm8KzUl0HUHCVBWkn3c2T1WoSAE/g=\n    \u003c/string\u003e\n\u003c/map\u003e\n```\n\n\n### Disclaimer\nBy default it's not bullet proof security (in fact it's more like obfuscation of the preferences) but it's a quick win for incrementally making your android app more secure. For instance it'll stop users on rooted devices easily modifying your app's shared prefs.\n*Recommend using the user password based prefs as introduced in v0.1.0.*\n\n\n### Contributing \nPlease do send me pull requests, but also bugs, issues and enhancement requests are welcome please add an issue.\n\n\n### Licence \n\nMuch of the original code is from Daniel Abraham article on [codeproject](http://www.codeproject.com/Articles/549119/Encryption-Wrapper-for-Android-SharedPreferences). This project was created and shared on Github with his permission. \n\nApache License, Version 2.0\n\n\n\n    Copyright (C) 2013, Daniel Abraham, Scott Alexander-Bown\n\n    Licensed under the Apache License, Version 2.0 (the \"License\");\n    you may not use this file except in compliance with the License.\n    You may obtain a copy of the License at\n\n         http://www.apache.org/licenses/LICENSE-2.0\n\n    Unless required by applicable law or agreed to in writing, software\n    distributed under the License is distributed on an \"AS IS\" BASIS,\n    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n    See the License for the specific language governing permissions and\n    limitations under the License.\n\n\nThe sample app Lock icon for sample app licenced under Creative Commons created by Sam Smith via [thenounproject.com](http://thenounproject.com/term/lock/5704/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fscottyab%2Fsecure-preferences","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fscottyab%2Fsecure-preferences","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fscottyab%2Fsecure-preferences/lists"}