
You might have heard that the Jetpack Security Crypto library (referred to here as Jetpack Security) has been deprecated. This raises several concerns, but don’t worry because we’ve developed a replacement called Ackee Guardian!
Jetpack Security Issues
The silent deprecation of Jetpack Security introduces significant challenges. The last stable version was released in April 2021, making it outdated for any library, especially a security-focused one. This version contains bugs related to synchronization, which were fixed in newer alpha versions but never backported as patches to the stable release.
Furthermore, there are additional bugs that we’ve discovered. Under certain conditions, operations can be slow and even block a thread, including unexpected scenarios like calling SharedPreferences.Editor.apply.
Another major issue is that Jetpack Security relies on an outdated version of the Tink library, which handles all low-level cryptographic operations. Unfortunately, this older version of Tink also has synchronization issues that have been resolved in newer releases.
Lastly, Google has not provided any alternative or reasonable guidance on what developers should use instead of Jetpack Security. Many apps in production already depend on it, and replacing encrypted data with plaintext is not feasible for most due to security requirements or government regulations. Migrating Jetpack Security’s logic to a custom, compatible implementation would also be a complex and time-consuming process.
Ackee Guardian to the Rescue!
Since we value the abstractions Jetpack Security offers for encrypted data and needed a solution to address the issues above, we created Ackee Guardian as a replacement.
Ackee Guardian ensures 100% data compatibility, meaning that if your project already uses Jetpack Security, you can seamlessly switch to Guardian. Simply replace the library, adjust your source code as needed, and run the app. Your existing encrypted data will remain intact. While we’ve aimed to minimize breaking changes in the source code, some were necessary to deliver meaningful improvements.
Ackee Guardian brings several enhancements to Jetpack Security, including:
- Rewritten in 100% Kotlin: A modern approach for better compatibility with contemporary Android development practices.
- Comprehensive test coverage: We ensured confidence in the implementation by first covering all existing functionality with tests before rewriting.
- Performance improvements: Blocking calls have been eliminated, and heavy methods are now suspend functions.
- Synchronization fixes: Addressed the synchronization issues present in Jetpack Security.
- Explicit dependency on Tink: To resolve the outdated library issue, Guardian requires clients to explicitly depend on Tink, giving better control over updates.
- Bug fixes: Fixed multiple issues in EncryptedSharedPreferences uncovered during testing.
But replacing Jetpack Security is just one part of what Ackee Guardian offers. There’s more!
Encrypted DataStore
While EncryptedSharedPreferences is useful, modern Android apps should ideally use DataStore instead of SharedPreferences. Unfortunately, Google has not provided an encrypted version of DataStore. Considering that a 4-year-old issue remains unresolved and without any activity from Google’s side, it seems unlikely they will implement this any time soon, despite significant demand from developers.
Fortunately, the DataStore API is flexible enough to allow custom encryption implementations. Since we had already rewritten Jetpack Security and gained deep expertise, we extended the same encryption logic to DataStore.
Ackee Guardian now offers encrypted variants of both DataStore and PreferenceDataStore classes, along with their corresponding property delegates.
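One way a custom encryption layer can be fitted onto the DataStore API, shown as an added example that is not Ackee Guardian's own code: a wrapper around DataStore's Serializer interface that encrypts with a Tink Aead primitive. The class name AeadSerializer, the associatedData parameter and the already-built Aead instance are assumptions made for illustration.

```kotlin
import androidx.datastore.core.CorruptionException
import androidx.datastore.core.Serializer
import com.google.crypto.tink.Aead
import java.io.ByteArrayOutputStream
import java.io.InputStream
import java.io.OutputStream
import java.security.GeneralSecurityException

/**
 * Wraps any plaintext Serializer so that the bytes DataStore persists are
 * authenticated ciphertext. Hypothetical class, not part of Ackee Guardian.
 */
class AeadSerializer<T>(
    private val delegate: Serializer<T>,
    // Tink AEAD primitive; assumed to be created elsewhere from a keyset
    // whose key material is protected by the Android KeyStore.
    private val aead: Aead,
    // Assumption: bytes that bind the ciphertext to its context (for example
    // the file name), so a blob copied from another file fails to decrypt.
    private val associatedData: ByteArray,
) : Serializer<T> {

    override val defaultValue: T
        get() = delegate.defaultValue

    override suspend fun readFrom(input: InputStream): T {
        val ciphertext = input.readBytes()
        val plaintext = try {
            // Verifies the authentication tag before returning any data, so
            // truncated, empty or modified files are rejected here.
            aead.decrypt(ciphertext, associatedData)
        } catch (e: GeneralSecurityException) {
            // Surface tampering as corruption so the caller's
            // corruption handling decides what happens next.
            throw CorruptionException("Stored data failed authentication", e)
        }
        return delegate.readFrom(plaintext.inputStream())
    }

    override suspend fun writeTo(t: T, output: OutputStream) {
        // Serialize to memory first: AEAD encrypts the whole message at once,
        // and plaintext must never be written to the output stream.
        val buffer = ByteArrayOutputStream()
        delegate.writeTo(t, buffer)
        output.write(aead.encrypt(buffer.toByteArray(), associatedData))
    }
}
```

Because both methods run inside DataStore's own suspend read and write path, the cryptographic work stays off the calling thread.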
More to Come
We are planning to add more features that were missing in the original API, such as the ability to rename or modify encrypted files. One of the new features we’ve already introduced in Ackee Guardian is the synchronization of all Android KeyStore operations. We’ve also exposed a common synchronization object, giving you the flexibility to extend synchronization to your custom KeyStore operations within your app.
You can learn more about these features and others in the project’s README.
Wrapping It Up
Thank you for taking the time to read about Ackee Guardian! I hope this library makes securing your Android apps easier and more reliable. If you come across a bug or have an idea for a new feature, feel free to create a GitHub issue. We would love to hear your feedback and collaborate with you to make Ackee Guardian even better!
So, let Ackee Guardian be your app’s fearless defender, standing vigilant against bugs, vulnerabilities, and threats. Just as the Guardians of the Galaxy protect the universe, Ackee Guardian is here to ensure your Android app stays safe and sound!
Happy coding! 🚀
