Summary
Replace EncryptedSharedPreferences with DataStore Preferences plus value-level encryption, aligning with current Android recommendations and improving reliability and async safety.
Current State
- Credentials, refresh interval, notifications, and reset times are stored via EncryptedSharedPreferences (
androidx.security:security-crypto).
- All reads/writes are synchronous; main-thread use risks StrictMode and is discouraged.
- EncryptedSharedPreferences is deprecated as of
security-crypto 1.1.0-alpha07; Google recommends DataStore + encryption for new code.
Proposed
Implement DataStore Preferences with in-app value encryption:
-
Storage
- Use DataStore Preferences (
androidx.datastore:datastore-preferences) for all secure preferences.
- Retain value-level encryption for sensitive fields (tokens, OAuth client secret, etc.) using Android KeyStore (AES-256-GCM).
-
API shape
- Suspend APIs:
loadCredential, saveCredential, deleteCredential, deleteAllCredentials, setRefreshInterval, setNotificationsEnabled, saveResetTimes, loadResetTimes — expose as suspend and call from coroutines (ViewModel, Repository, Worker).
- Sync-friendly APIs:
hasCredential, getRefreshInterval, isNotificationsEnabled — back with an in-memory cache updated on first read and after writes so Tile/UI can call them without blocking.
-
Call sites
- SettingsViewModel: Run load/save of credentials and settings inside
viewModelScope.launch or suspend blocks.
- QuotaRefreshWorker: Make
checkForResets suspend and call loadResetTimes / saveResetTimes from doWork().
- Repositories / DashboardViewModel / QuotaTileService: Repositories already use suspend; Tile can rely on cached
hasCredential — no API change needed there.
-
Dependencies
- Remove EncryptedSharedPreferences usage and androidx.security:security-crypto dependency.
- Use existing datastore-preferences and standard KeyStore / Cipher for encryption.
References
Migration note
Existing data in the old EncryptedSharedPreferences file will not be auto-migrated (different format). After this change, users may need to re-enter credentials once in Settings.
Summary
Replace
EncryptedSharedPreferenceswith DataStore Preferences plus value-level encryption, aligning with current Android recommendations and improving reliability and async safety.Current State
androidx.security:security-crypto).security-crypto1.1.0-alpha07; Google recommends DataStore + encryption for new code.Proposed
Implement DataStore Preferences with in-app value encryption:
Storage
androidx.datastore:datastore-preferences) for all secure preferences.API shape
loadCredential,saveCredential,deleteCredential,deleteAllCredentials,setRefreshInterval,setNotificationsEnabled,saveResetTimes,loadResetTimes— expose as suspend and call from coroutines (ViewModel, Repository, Worker).hasCredential,getRefreshInterval,isNotificationsEnabled— back with an in-memory cache updated on first read and after writes so Tile/UI can call them without blocking.Call sites
viewModelScope.launchor suspend blocks.checkForResetssuspend and callloadResetTimes/saveResetTimesfromdoWork().hasCredential— no API change needed there.Dependencies
References
Migration note
Existing data in the old EncryptedSharedPreferences file will not be auto-migrated (different format). After this change, users may need to re-enter credentials once in Settings.