Add-On Security

Encrypted Storage

By default, all the data stored by the SDK on the device is inside the application sandbox. This prevents other applications from accessing the data(both read and write). Though due to compliance standards or any other use cases, you might want additionally encrypt the data stored on the SDK.

To enable this encryption you need to

SDK Installation

Installing using Catalog

Integration using a Version Catalog is the recommended way of integration; refer to the Configure Version Catalog document to configure a catalog if not done already. Once you have configured the catalog add the dependency in the app/build.gradle file as shown below

build.gradle
dependencies {
    ...
    implementation(moengage.storageEncryption)
implementation("androidx.security:security-crypto:1.1.0-alpha05") }

Alternatively, you can add the dependency directly as shown below.

Installing using Artifact Id

Artifact Name Artifact Id Version
Encrypted Storage encrypted-storage
Security security

Add the following dependency in the app/build.gradle file.

build.gradle
dependencies {
    ...
    implementation("com.moengage:encrypted-storage:$sdkVersion")
    implementation("com.moengage:security:$sdkVersion")
    implementation("androidx.security:security-crypto:1.1.0-alpha05")
}

replace $sdkVersion with the appropriate version.

Enabling Encryption

You can enable the storage encryption using the configureStorageSecurity() API in the MoEngage.Builder while initializing the SDK.

Kotlin Java
val moEngage = MoEngage.Builder(this, "YOUR_APP_ID")
    .configureStorageSecurity(StorageSecurityConfig(StorageEncryptionConfig(true)))
    .build()
MoEngage.initialise(moEngage)

Note:

  • If storage encryption is enabled in the initialization without adding the above-mentioned dependencies, SDK wouldn't function i.e. no events/user attributes would be tracked, push notifications would not be shown, etc.
  • Once storage encryption is enabled and a build is released to production(Play Store or other equivalent stores), you should not disable encryption. Disabling the encryption after the build is released will result in a new user being created in the MoEngage system when the user updates the application.

Encrypted Network Communication

By default, we use HTTPS protocol for all requests made from the SDK; HTTPS encrypts the requests by default. MoEngage SDK optionally adds another layer of encryption apart from the encryption done by HTTPS.
To enable this additional encryption, you need to

SDK Installation

If you have enabled Storage encryption, you can skip the installation step and jump to the Enabling Encryption step.

Installing using Catalog

Integration using a Version Catalog is the recommended way of integration, refer to the Configure Version Catalog document to configure a catalog if not done already. Once you have configured the catalog add the dependency in the app/build.gradle file as shown below

build.gradle
dependencies {
    ...
    implementation(moengage.security)
}

Alternatively, you can add the dependency directly, as shown below.

Installing using Artifact Id

Add the following dependency in the app/build.gradle file.

build.gradle
dependencies {
    ...
    implementation("com.moengage:security:$sdkVersion")
}

replace $sdkVersion with the appropriate SDK version.

Enabling Encryption

You can enable the network encryption using the configureNetworkRequest() API in the MoEngage.Builder while initializing the SDK.

Kotlin Java
val moEngage = MoEngage.Builder(this, "YOUR_APP_ID")
    .configureNetworkRequest(NetworkRequestConfig(NetworkDataSecurityConfig(true, "YOUR_TEST_ENVIRONMENT_ENCRYPTION_KEY", "YOUR_LIVE_ENVIRONMENT_ENCRYPTION_KEY")))
    .build()
MoEngage.initialise(moEngage)

Note: When using encrypted network communication, we strongly recommend you enable Storage encryption as well.

info

Note

Adding the above dependency and enabling the flag isn't enough for this feature to work; there is some additional configuration required on our side to enable this feature completely. In case you want to use this feature, reach out to your account manager or drop us an email at support@moengage.com.
Was this article helpful?
0 out of 0 found this helpful

How can we improve this article?