Android Encrypted Shared Preference access issue from new container
AJITH KUMAR V
Posted on March 15, 2024
Hello Team,
We have seen an issue related to Android Encrypted Shared Preference access from a different container in Android.
Ours is a custom DPC application, which creates another profile and container in the Android application space. The data will be migrated from personal space to this container during the transition.
In our use case, we create an encrypted shared preference when the application is in the personal space and store some data in it. After the container is created, it migrates the application data from personal space to this new container.
As we know, the encrypted shared preference is backed by a master key. This master key is accessible, but while trying to get the encrypted shared preference using the master key, it throws an exception like the one below:
[android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:517),
javax.crypto.Cipher.doFinal(Cipher.java:1794),
com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm.decryptInternal(AndroidKeystoreAesGcm.java:118),
com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm.decrypt(AndroidKeystoreAesGcm.java:101),
com.google.crypto.tink.KeysetHandle.decrypt(KeysetHandle.java:919),
com.google.crypto.tink.KeysetHandle.readWithAssociatedData(KeysetHandle.java:804),
com.google.crypto.tink.KeysetHandle.read(KeysetHandle.java:785),
com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.readMasterkeyDecryptAndParseKeyset(AndroidKeysetManager.java:381),
com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.build(AndroidKeysetManager.java:297),
androidx.security.crypto.EncryptedSharedPreferences.create(EncryptedSharedPreferences.java:169),
androidx.security.crypto.EncryptedSharedPreferences.create(EncryptedSharedPreferences.java:130),
Kindly let us know whether this is a bug, a security limitation, or intended behaviour.
Thank you!