Flex Mobile Development – Encrypting Data

September 22, 2011By 22 Comments

Adobe AIR 3.0 Beta is now publicly available and includes a key feature that many may not yet be aware of, EncryptedLocalStore support. The EncryptedLocalStore is a class that ‘provides a persistent, encrypted data storage mechanism.’ This class was available for use in AIR Desktop applications but restricted on mobile until this latest AIR 3.0 release. It’s very simple to use. I created a sample with it, showing how you might save a person’s login data. Below are some code snippets that show the key parts of use for storing, retrieving and removing data using it, followed by a link to the sample project source code:

protected function storeLoginData():void
{
	if (userid.text!=null)
	{
	    var pwBytes:ByteArray = new ByteArray();
	    pwBytes.writeUTFBytes(password.text);
	    EncryptedLocalStore.setItem(userid.text, pwBytes);
	    ...
        }
	...
}
protected function retrievePassword():void
{
        ...
	if (userid.text!=null && userid.text.length>0) {
		var storedValue:ByteArray = EncryptedLocalStore.getItem(userid.text);
		if (storedValue!=null) {
			password.text = storedValue.readUTFBytes(storedValue.length);
			this.chkRemember.enabled=false;
		}
		else {
			erase();
			log.appendText("No stored data found for userid: " + userid.text);
		}
	}
        ...
}
protected function removeLoginData():void
{
	if (userid.text != null && userid.text.length>0) {
		EncryptedLocalStore.removeItem(userid.text);
	}
	...
}

Please note that you will need to add the compiler argument -> -swf-version=13 to any projects you build that use this. Right click on the Project root and select Properties -> Flex Compiler and add it into the additional compiler arguments. Mine looks like this:

HERE is the sample project source code

Note: You could/should also join the Flex/Flash Builder 4.6 prerelease to get the latest versions which includes the AIR 3.0 SDK and a bunch of other new features explained in detail here!

Filed in: Adobe AIRAIR for AndroidFlash Builder 4.5Flex 4.5Flex 4.5/MobileFlex 4.6Flex MobileMobile DevelopmentUncategorized

About the Author ()

Comments (22)

Trackback URL | Comments RSS Feed

Sites That Link to this Post

  1. Flex Mobile Development – Encrypting Data | Flash Player roundup | October 6, 2011
  1. Lee says:

    Hi Holly,

    This is very useful. But how is the actual data being stored on the device? Is it using symmetric encryption or somehow using public keys? I guess what I’m getting to is: how secure is this?

    Also, this part of the code looks odd:
    var pwBytes:ByteArray = new ByteArray();
    pwBytes = new ByteArray();

    Regards,

    Lee

  2. Nathan Kring says:

    Great article! It might be worth noting that you need to add “-swf-version=13″ to your compiler arguments in order to get it to work. Thanks!

  3. CV says:

    It seems you are using flex 4.5.2 SDK .. is it available yet ? if not when would it be ? with 4.5.1 it does not allow to run the application. it throws runtime error.

  4. Saidi Reddy says:

    Hi i have one query could u please help me , Panel control not supported for Flex Mobile Project in Flash builder 4.5. There is any alternate control to add some data dynamically (using Actin Script). please help me thanks in advance …

  5. Raffi says:

    Hi Holly, I am developing our GIS web application for iOS, which has GPS functionality (zoom map to where I am). We are using Flash Builder 4.5 for coding, and somehow the Locate Me function is not working. This could be an issue only with my iPhone, the reason I say that is when I test an Ad Hoc built of the application on my iPhone 4, and setting GPS and location-services as required devices, the application wont install on my iPhone, with an error message of device not being compatible generated by iTunes. Here is the code in my Main-app.xml file for the iPhone section:

    <![CDATA[
    UIDeviceFamily

    1
    2

    telephony
    YES
    UIRequiredDeviceCapabilities

    location-services
    YES
    GPS
    YES

    ]]>
    high

    Another code that replaced the above was:

    <![CDATA[
    UIDeviceFamily

    1
    2

    telephony
    YES
    UIRequiredDeviceCapabilities

    location-services
    GPS

    ]]>
    high

    The above one did install on my iPhone, but the Locate Me function was not working (map does not zoom to device’s location). Though Google Map’s same functionality is working, and my location service in my iPhone is enabled.

    here is my actionscript code:
    private function init():void
    {

    geolocation_creationCompleteHandler(‘onStart’);

    }

    public var geolocationType:String;
    protected function geolocation_creationCompleteHandler(type:String):void

    {
    if(type == ‘onStart’)
    {
    geolocationType = type;

    }
    else
    {

    geolocationType = ‘fButton’;
    }
    if( Geolocation.isSupported )

    {

    g = new Geolocation();
    locateMeBut.enabled = true;
    g.setRequestedUpdateInterval(1000);

    if( g.muted )

    {

    locateMeBut.enabled = false;
    myMap.addEventListener(MapEvent.LOAD, goToInitialExtent);
    return;

    }

    g.addEventListener(GeolocationEvent.UPDATE,geoLocation_UpdateHandler, false,0,true);

    }
    else
    {
    //don’t do anything, gps is not supported or not on

    }

    }

  6. Raffi says:

    I think I found a solution, thank you :) Your posts are great!!

  7. Lee says:

    Hi Holly,

    I raised a question earlier about the security mechanism used for this.

    I’ve had a chance to review AIR 3 and play with this under iOS and Android (soon PlayBook), and I think that I know the answer:
    It seems that the AIR EncryptedLocalStore uses the underlying operating system APIs for security.

    This seems to work securely under iOS, but not Android. On Android (2.3 in my case), you can get at the data by simply rooting the device.

    I will test this later on PlayBook.

    This raises a huge issue: How do I know for certain that the data has truly been encrypted? Should it not throw an exception under Android? Once again, any hacker would be able to get at the data.

    Please let me know if this is a bug, or if there is something I missed.

    Of course, a weak work-around would be to specifically check for Android and to warn the user that the data is not secure.

    The other option is to create an encryption ANE and specifically ask the user for a password, or use a ticketing mechanism to automate this. Either way, that’s a lot more work.

    Regards,

    Lee

  8. Mike says:

    Hi Holly,

    Great tutorial! I have a question. Is there a way to download mp4 videos to a device (iPad) with Flash Builder and AIR3 and access them through a Flash Builder app?

    Thanks
    Mike

  9. Joe says:

    Hi Holly,
    Maybe you can help me out. I’m trying to use EncryptedLocalStore for AIR. I got it to work well, but it’s not supported on AIR for Android. Is there an alternative ‘saving’ mechanism?

  10. Joe says:

    Well Holly, I’m not sure. The player option I selected in Flash CS5.5 simply reads ‘AIR for Android’ and doesn’t specify which version. Should I try downloading an update?
    Thanks

  11. Mike says:

    I am reading mixed messages that EncryptedLocalstore will not work if the Air application is updated even if the publisher id is not changed. Is this true?

  12. Fahim says:

    Hi
    i want to know how to open a PDF file in android Motorola XOOM
    i used the StageWebView method but it works in windows but when i checked it on device it shows just white empty screen
    even i first download the file from server save it locally and then try to open but nothing.
    file saves in android but not opening in device.
    please i need solution.

    • Kedar says:

      Best way it to write native extension to open the files. In native extensions use intents.

      Intent intent = new Intent(android.content.Intent.ACTION_VIEW);
      intent.setDataAndType(Uri.parse(text), vibExtContext.mimeMap.get(text.substring(text.lastIndexOf(“.”)+1, text.length()).toLowerCase()));
      intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
      context.getActivity().startActivity(intent);

  13. madi badi says:

    merhaba,

    paylasiminiz icin tesekkur ederim..

    gizli ilimler ve yer altı sanatları hakkında her şeye kolaylıkla ulaşabilirsiniz…

    saygılar

    =================

    hello,

    thanks for share,

    can u share with us some public great source codes for ios and android?

    kind regards.

Leave a Reply