Encryption

The Kinvey Android library uses Realm to persist data in local storage. We rely on Realm's encryption support to encrypt database files on disk.

Setup

You can instruct the Kinvey library to encrypt your local data when you initialize the Kinvey Client.

Client mKinveyClient = new Client.Builder(this)
                                 .setEncryptionKey(encryptionKey)
                                 .build();

You are responsible for generating an encryption key and providing to the setEncryptionKey method above. By doing so, you can decide how to generate and store the key. We recommend referring to the Android Keystore System guide and Securely Storing Secrets guide for best practices on generating and storing keys.

  • Providing an encryption key will enable the encryption of data and files in local storage. User credentials are always stored securely.

  • If you set an encryption key when you build a Client, it will be automatically be used for encryption of both the DataStore and the FileStore.

  • If you have persisted data or files that were previously not encrypted, they will be encrypted when you create a client with an encryption key. As a result, all subsequent attempts to access these will require this encryption key.