Security

This table lists all the artifacts in the androidx.security group.

Declaring dependencies

To add a dependency on Security, you must add the Google Maven repository to your project. Read Google's Maven repository for more information.

Add the dependencies for the artifacts you need in the build.gradle file for your app or module:

dependencies {
    implementation "androidx.security:security-crypto:1.0.0"

    // For Identity Credential APIs
    implementation "androidx.security:security-identity-credential:1.0.0-alpha02"

     // For App Authentication APIs
    implementation "androidx.security:security-app-authenticator:1.0.0-alpha02"

    // For App Authentication API testing
    androidTestImplementation "androidx.security:security-app-authenticator:1.0.0-alpha01"
}

dependencies {
    implementation("androidx.security:security-crypto:1.0.0")

    // For Identity Credential APIs
    implementation("androidx.security:security-identity-credential:1.0.0-alpha02")

    // For App Authentication APIs
    implementation("androidx.security:security-app-authenticator:1.0.0-alpha02")

    // For App Authentication API testing
    androidTestImplementation("androidx.security:security-app-authenticator:1.0.0-alpha01")

}

For more information about dependencies, see Add build dependencies.

Feedback

Your feedback helps make Jetpack better. Let us know if you discover new issues or have ideas for improving this library. Please take a look at the existing issues in this library before you create a new one. You can add your vote to an existing issue by clicking the star button.

Create a new issue

See the Issue Tracker documentation for more information.

Security-App-Authenticator Version 1.0.0

Version 1.0.0-alpha02

June 2, 2021

androidx.security:security-app-authenticator:1.0.0-alpha02 is released. Version 1.0.0-alpha02 contains these commits.

API Changes

• In preparation to support the new knownSigner permission protection flag introduced in Android 12, the digestAlgorithm attribute can no longer be specified in the configuration; instead all certificate digests should be computed using SHA-256.

Bug Fixes

• All certificate digests provided in the configuration are now normalized to ensure a successful signature match can be reported both when the digest is computed at runtime as well as when an explicit signing identity is defined when using the testing library.

Security-App-Authenticator-Testing Version 1.0.0-alpha01

June 2, 2021

androidx.security:security-app-authenticator-testing:1.0.0-alpha01 is released. Version 1.0.0-alpha01 contains these commits.

New Features

This testing library provides a builder that can be used to configure an injectable AppAuthenticator to meet the requirements of the test. This library supports several methods to configure the AppAuthenticator:

• A generic test policy can be specified that reports a signature match for all packages declared in the configuration.
• Individual packages can be specified to return a signature match with all other packages reporting no match.
• Explicit signing identities can be set for each package; the resulting AppAuthenticator will then only report a signature match if the provided identity matches the declaration in the configuration file.
• Packages can also be treated as not installed or having an explicit uid.

Version 1.0.0-alpha01

May 5, 2021

androidx.security:security-app-authenticator:1.0.0-alpha01 is released. Version 1.0.0-alpha01 contains these commits.

New Features

AppAuthenticator is a new library aimed at simplifying verification of app trust based on signing identity. An app just needs to specify an XML configuration file containing the package names and signing identities of trusted apps, and the library will take care of verifying the signing identity of apps at runtime.

Version 1.1.0

Security-Crypto-Ktx Version 1.1.0-alpha03

May 18, 2021

androidx.security:security-crypto-ktx:1.1.0-alpha03 is released. Version 1.1.0-alpha03 contains these commits.

Updated to match androidx.security:security-crypto:1.1.0-alpha03.

Version 1.1.0-alpha03

December 2, 2020

androidx.security:security-crypto:1.1.0-alpha03 is released. Version 1.1.0-alpha03 contains these commits.

New Features

• Updated Tink to stable release 1.5.0

Version 1.1.0-alpha02

August 5, 2020

androidx.security:security-crypto:1.1.0-alpha02 and androidx.security:security-crypto-ktx:1.1.0-alpha02 are released. Version 1.1.0-alpha02 contains these commits.

New Features

• Updated Tink to stable release 1.4.0

Bug Fixes

• Tink update should fix R8 and Proguard issues with shaded Protobuf dependency.
• Tink update should gracefully handle AndroidKeyStore concurrency failures.

External Contribution

• clear mKeysChanged on apply, fix for EncryptedSharedPreferences (aosp/1323026)

Version 1.1.0-alpha01

June 10, 2020

androidx.security:security-crypto:1.1.0-alpha01 is released. Version 1.1.0-alpha01 contains these commits.

New Features

• Lollipop (API Level 21+) is now supported. Please note that the AndroidKeyStore is not used for API 21 and 22. (I7c12d, b/132325342)
• New MasterKey class provides more options for keys, also deprecating MasterKeys to support new features and versions of Android that do not have KeyGenParamSpec.

Security-Identity-Credential Version 1.0.0

Security-Identity-Credential Version 1.0.0-alpha02

February 24, 2021

androidx.security:security-identity-credential:1.0.0-alpha02 is released. Version 1.0.0-alpha02 contains these commits.

Bug Fixes

• Update Identity Credential API to match Android 12 plans (Iff83e)

Security-Identity-Credential Version 1.0.0-alpha01

August 19, 2020

androidx.security:security-identity-credential:1.0.0-alpha01 is released. Version 1.0.0-alpha01 contains these commits.

New Features

This Jetpack release features a Jetpack version of the Identity Credential APIs which was added to Android 11 and API level 30. If running on Android 11 and the device has hardware-backed Identity Credential support then this Jetpack simply forwards calls to the platform API. Otherwise, an Android Keystore-backed implementation will be used. While the Android Keystore-backed implementation does not provide the same level of security and privacy it is perfectly adequate for both holders and issuers in cases where all data is issuer-signed. This library requires API level 24 or later.

The Identity Credential APIs provide an interface to a secure store for user identity documents. These APIs are deliberately fairly general and abstract. To the extent possible, specification of the message formats and semantics of communication with credential verification devices and Issuing Authorities (IAs) is out of scope for these APIs. The data structures that the APIs do depend on are compatible with the data structures in the soon to be released ISO/IEC IS 18013-5 Personal identification — ISO-compliant driving licence — Part 5: Mobile driving licence (mDL) application standard.

API Changes

• Added Identity Credential Jetpack. (Icf90b)

Version 1.0.0

Version 1.0.0

April 21, 2021

androidx.security:security-crypto:1.0.0 is released. Version 1.0.0 contains these commits.

Major features of 1.0.0

Feature highlights

• EncryptedFile, provides encrypted input and output streams to read/write encrypted data to a File.
• EncryptedSharedPreferences, provides an implementation of SharedPreferences that automatically encrypts/decrypts all keys and values.
• Provides simple key generation via MasterKeys.
• Relies on Tink 1.5.0 for increased stability.

Version 1.0.0-rc04

January 13, 2021

androidx.security:security-crypto:1.0.0-rc04 is released. Version 1.0.0-rc04 contains these commits.

Bug Fixes

• Upgraded Tink to 1.5.0 for increased stability.

Version 1.0.0-rc03

August 5, 2020

androidx.security:security-crypto:1.0.0-rc03 is released. Version 1.0.0-rc03 contains these commits.

New Features

• Updated Tink to stable release 1.4.0

Bug Fixes

• Tink update should fix R8 and Proguard issues with shaded Protobuf dependency.
• Tink update should gracefully handle AndroidKeyStore concurrency failures.

External Contribution

• clear mKeysChanged on apply, fix for EncryptedSharedPreferences (aosp/1323026)

Version 1.0.0-rc02

May 20, 2020

androidx.security:security-crypto:1.0.0-rc02 is released. Version 1.0.0-rc02 contains these commits.

Bug Fixes

• Updated to Tink version 1.4.0-rc2, which shades the proto buf lite dep. This solves the widely reported issue of clashing with other android sdks. (I8a831)
• Fixed apply() in EncryptedSharedPreferences. (I29069, b/154366606)

Version 1.0.0-rc01

April 15, 2020

androidx.security:security-crypto:1.0.0-rc01 is released. Version 1.0.0-rc01 contains these commits.

Bug Fixes

• Added checks to ensure that if a KeyGenParamSpec is passed in to MasterKeys.getOrCreate that if getUserAuthenticationRequired returns true that getUserAuthenticationValidityDurationSeconds returns a value >0. (I911f5) (b/152644939)

Version 1.0.0-beta01

March 18, 2020

androidx.security:security-crypto:1.0.0-beta01 is released with no changes since 1.0.0-alpha02. Version 1.0.0-beta01 contains these commits.

Version 1.0.0-alpha02

May 23, 2019

androidx.security:security-crypto:1.0.0-alpha02 is released. The commits included in this version can be found in this commit log.

Bug fixes

• Fixed issue retrieving key/values associated with shared preferences from getAll().
• Blocked usage of restricted preference keys.
• Minor Javadoc updates.

Version 1.0.0-alpha01

May 7, 2019

androidx.security:security-crypto:1.0.0-alpha01 is released. The commits included in this version can be found here.

New feature highlights

• EncryptedFile, provides encrypted input and output streams to read/write encrypted data to a File.
• EncryptedSharedPreferences, provides an implementation of SharedPreferences that automatically encrypts/decrypts all keys and values.
• Provides simple key generation via MasterKeys.