Skip to content
/ Android-DataStore-Tink-Migration Public

A reference implementation for migrating from deprecated EncryptedSharedPreferences to Proto DataStore secured by Google Tink.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Jaypatelbond/Android-DataStore-Tink-Migration

BranchesTags

Repository files navigation

Encrypted DataStore Sample App (Migration Demo)

This sample app demonstrates how to migrate from the deprecated EncryptedSharedPreferences to the modern Proto DataStore secured by Google Tink.

🚀 Overview

As of 2025, EncryptedSharedPreferences is deprecated. This project serves as a reference implementation for migrating your secure storage to a robust, future-proof architecture using:

  • Jetpack DataStore (Proto): Type-safe, asynchronous, and main-thread safe storage.
  • Google Tink (StreamingAead): Industry-standard encryption that encrypts the data stream on-the-fly.

✨ Features

  • 🔐 Secure Storage: Uses AES-128 GCM HKDF 4KB streaming encryption via Google Tink.
  • 📦 Type Safety: Uses Protocol Buffers (user_prefs.proto) to define the data schema.
  • 🔄 Seamless Migration: Includes a SharedPreferencesMigration strategy to automatically move data from old SharedPreferences (or EncryptedSharedPreferences) to DataStore upon first launch.
  • ⚡ Modern Android: Built with Kotlin, Coroutines, Flow, and Hilt.

🛠️ Architecture

The Old Way (Deprecated)

  • EncryptedSharedPreferences: Wrapped SharedPreferences with an encryption layer.
  • Issues: Synchronous I/O on main thread, strict mode violations, and stability issues on some devices.

The New Way (Implemented Here)

  1. CryptoManager: Manages the Tink keyset (stored in Android Keystore) and provides encrypt/decrypt streams.
  2. UserPreferencesSerializer: Intercepts DataStore read/write operations. It decrypts the stream before parsing the Proto object and encrypts it before writing to disk.
  3. DataStoreRepository: Exposes a clean API (Flow<UserPreferences>) and handles the migration logic.

📲 Installation

  1. Clone this repository.
  2. Open in Android Studio (Koala or newer recommended).
  3. Run on an emulator or physical device.

🔍 Verification

To verify the encryption:

  1. Run the app and save some data.
  2. Open Device File Explorer in Android Studio.
  3. Navigate to /data/data/com.encryptedsharedprefrencesdemo/files/datastore/user_prefs.pb.
  4. Try to open the file. You will see unreadable binary data, confirming that Tink is working!

📚 Resources

📄 License

This project is licensed under the MIT License.

About

A reference implementation for migrating from deprecated EncryptedSharedPreferences to Proto DataStore secured by Google Tink.

Topics

android protobuf sharedpreferences jetpack datastore encryptedsharedpreferences datastore-android datastore-preferences

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages