Encrypted String
Encryption best practice
iOS and watchOS
Using ENCRYPTED_STRING
and ENCRYPTED_STRING_IOS_WATCHOS
guarantees that the plaintext of the list item values will not be included in the resulting application binary, only the ciphertext. The ciphertext can only be decrypted by Appfigurate using the correct private key.
You can verify that the plain text is not included in the RELEASE application binary using the macOS strings
tool as follows:
Terminal
It is best practice to use ENCRYPTED_STRING
and ENCRYPTED_STRING_IOS_WATCHOS
to encrypt sensitive information such as server urls (e.g. internal test environments), rather than expose them as plain text.
Android
Using a combination of BuildConfig.ENCRYPTED
and ProGuard guarantees that the plaintext of the list item values will not be included in the resulting application binary, only the ciphertext. The ciphertext can only be decrypted by Appfigurate using the correct private key.
You can verify that the plaintext is not included in the RELEASE build variant APK or AAB using the macOS strings tool as follows:
Terminal
The dex2jar
tool can be installed using brew.
Mobile Flutter
The Appfigurate Flutter Plugin defers to the underlying native iOS app's APLConfiguration
or Android app's nz.co.electricbolt.appfiguratelibrary.Configuration
subclasses to read encrypted strings. Ensure you have read the encryption best practices for iOS and watchOS, and Android sections.
Objective-C (iOS, watchOS)
The default value of an encrypted NSString
is nil. You must change the default value of the property by assigning a new plain text value in an overridden reset
method.
This page describes encrypted strings. Appfigurate also supports plain textual strings.
NSString editable list implementation
The NSString
property can be changed in Appfigurate by allowing the user to select from a predefined list of valid choices. The user can customize the list adding by additional values using a text field and a regular expression validating input.
Objective-C example
Appfigurate UI element example
ENCRYPTED_STRING
macro
ENCRYPTED_STRING
macroFor an iOS app where the APLConfiguration
subclass has one public key use the ENCRYPTED_STRING
macro for each list item in the ENCRYPTED_STRING_PROPERTY_LIST_EDIT
.
The first parameter of the ENCRYPTED_STRING
macro is the plain text, and will be used by DEBUG
builds. The second parameter of the ENCRYPTED_STRING
macro is the ciphertext, and will be used by RELEASE
builds. To generate the ciphertext, use the AppfigurateSE app or source editor extension for Xcode.
Objective-C example
ENCRYPTED_STRING_IOS_WATCHOS
macro
ENCRYPTED_STRING_IOS_WATCHOS
macroFor an iOS and watchOS app where the APLConfiguration
subclass has two public keys, use the ENCRYPTED_STRING_IOS_WATCHOS
macro for each list item in the ENCRYPTED_STRING_PROPERTY_LIST_EDIT
macro.
The first parameter of the ENCRYPTED_STRING
macro is the plain text, and will be used by DEBUG
builds. The second and third parameters of the ENCRYPTED_STRING
macro are the ciphertext for iOS and watchOS apps, and will be used by RELEASE
builds. To generate the ciphertext, use the AppfigurateSE app or source editor extension for Xcode.
Objective-C example
Swift (iOS, watchOS)
The default value of an encrypted String
is nil. You must change the default value of the property by assigning a new plain text value in an overridden reset
method.
This page describes encrypted strings. Appfigurate also supports plain textual strings.
String editable list implementation
The String
property can be changed in Appfigurate by allowing the user to select from a predefined list of valid choices. The user can customize the list adding by additional values using a text field and a regular expression validating input.
The
encrypted
parameter ofEncryptedStringPropertyListEdit
must be the result of calling theENCRYPTED()
function. e.g.
Swift example
Appfigurate UI element example
ENCRYPTED_STRING
function
ENCRYPTED_STRING
functionFor an iOS app where the APLConfiguration
subclass has one public key use the ENCRYPTED_STRING
function for each list item in the @EncryptedStringPropertyListEdit
.
The first parameter of the ENCRYPTED_STRING
function is the plaintext, and will be used by DEBUG
builds. The second parameter of the ENCRYPTED_STRING
macro is the ciphertext, and will be used by RELEASE
builds. To generate the ciphertext, use the AppfigurateSE app or source editor extension for Xcode.
Swift example
ENCRYPTED_STRING_IOS_WATCHOS
function
ENCRYPTED_STRING_IOS_WATCHOS
functionFor an iOS and watchOS app where the APLConfiguration
subclass has two public keys, use the ENCRYPTED_STRING_IOS_WATCHOS
function for each list item in the @EncryptedStringPropertyListEdit
.
The first parameter of the ENCRYPTED_STRING
function is the plaintext, and will be used by DEBUG
builds. The second and third parameters of the ENCRYPTED_STRING
function are the ciphertext for iOS and watchOS apps, and will be used by RELEASE
builds. To generate the ciphertext, use the AppfigurateSE app or source editor extension for Xcode.
Swift example
ENCRYPTED
function
ENCRYPTED
functionUsed in conjunction with the @EncryptedStringPropertyListEdit
property wrapper. The encrypted
parameter of @EncryptedStringPropertyListEdit
must be the result of calling the ENCRYPTED()
function. e.g.
The function returns true
if the calling app has been compiled in RELEASE mode or false
if the calling app has been compiled in DEBUG mode.
Warning: This function will behave incorrectly if the apps build settings Swift compiler - Code generation ‣ Optimization Level
is set to Optimize for Size
(-Osize). The default Swift compiler optimization levels are No Optimization
for DEBUG
builds and Optimize for Speed
-Ospeed for RELEASE
builds. If you must use -Osize, then implement your own isEncrypted()
style function as follows:
Then call your own isEncrypted()
function instead of the provided ENCRYPTED()
function e.g.
Java (Android)
The default value of an encrypted String
is null. You must change the default value of the property by assigning a new plaintext value in an overridden reset
method.
This page describes encrypted strings. Appfigurate also supports plain textual strings.
BuildConfig.ENCRYPTED
build constant
BuildConfig.ENCRYPTED
build constantIn your application's build.gradle
:
Add the following into the
android
‣buildTypes
‣debug
section:Add the following into the
android
‣buildTypes
‣release
section:Ensure ProGuard runs on a Release build variant so that
BuildConfig.ENCRYPTED == false
dead code is stripped from the resulting APK or AAB (this will ensure the plaintext values are removed).
e.g.
Once you've modified build.gradle
and synced the Gradle project, ensure the generated BuildConfig.java
contains the following for a Debug build variant:
and the following for a Release build variant:
To generate the ciphertext, use the AppfigurateSE app.
String editable list implementation
The String
property can be changed in Appfigurate by allowing the user to select from a predefined list of valid choices. The user can customize the list adding by additional values using a text field and a regular expression validating input.
The
encrypted
parameter ofEncryptedStringPropertyListEdit
must be the result of callingBuildConfig.ENCRYPTED
. e.g.
You must implement a method with the same name as the property, but ending with
Values
. e.g. if your property name isurl
, your method must be namedurlValues
. The method must return aMap<String, String>
of the possible property values.
Java example
Appfigurate UI element example
Kotlin (Android)
The default value of an encrypted String
is null. You must change the default value of the property by assigning a new plaintext value in an overridden reset
method.
This page describes encrypted strings. Appfigurate also supports plain textual strings.
BuildConfig.ENCRYPTED
build constant
BuildConfig.ENCRYPTED
build constantIn your application's build.gradle
:
Add the following into the
android
‣buildTypes
‣debug
section:Add the following into the
android
‣buildTypes
‣release
section:Ensure ProGuard runs on a Release build variant so that
BuildConfig.ENCRYPTED == false
dead code is stripped from the resulting APK or AAB (this will ensure the plaintext values are removed).
e.g.
Once you've modified build.gradle
and synced the Gradle project, ensure the generated BuildConfig.java
contains the following for a Debug build variant:
and the following for a Release build variant:
To generate the ciphertext, use the AppfigurateSE app.
String editable list implementation
The String
property can be changed in Appfigurate by allowing the user to select from a predefined list of valid choices. The user can customize the list adding by additional values using a text field and a regular expression validating input.
The
encrypted
parameter ofEncryptedStringPropertyListEdit
must be the result of callingBuildConfig.ENCRYPTED
. e.g.
You must implement a method with the same name as the property, but ending with
Values
. e.g. if your property name isurl
, your method must be namedurlValues
. The method must return aMap<String, String>
of the possible property values.
Kotlin example
Appfigurate UI element example
Dart (Flutter for iOS, Flutter for Android)
The flutter APLNativeConfiguration
class defers to the underlying platform APLConfiguration
(iOS) or nz.co.electricbolt.appfiguratelibrary.Configuration
(Android) subclass to read property values.
The underlying platform property value can either be a plain textual string or an encrypted string.
String implementation
Dart example
Last updated