SafeBox 1.1.0

SafeBox 1.1.0 introduces a new era of concurrent cryptography, memory-safe encryption, and lifecycle precision for Android's most secure key-value store. This release is the culmination of the 1.1.0 series, bringing together weeks of hardening, concurrency research, and community feedback.

---

Security Improvements

• XOR-based key masking
  The in-memory DEK is now XOR-masked with a SHA-256 hash, reconstructed only when needed, and zeroed out immediately. (#23)

• On-demand AES-GCM ciphers
  AesGcmCipherProvider now creates ciphers per use, reducing persistent memory risks. (#28)

---

Cryptographic Concurrency

• CipherPool
  A thread-safe, coroutine-friendly Cipher pool for safe reuse in high-concurrency environments. Built with a load-factor strategy and background scaling. (#25)

• SafeBoxExecutor
  An internal executor powering CipherPool scaling and future crypto tasks. Reusable for advanced use cases. (#25)

• Thread-safe Key Access
  SafeSecretKey and SecureRandomKeyProvider are now concurrency-aware via atomic key caching and minimal locking. (#26)

---

Lifecycle Precision

• SafeBoxStateManager
  Centralized lifecycle controller tracking STARTING, WRITING, IDLE, and CLOSED. Ensures valid state transitions across async or nested writes. (#17)

• Global Observability
  New APIs like SafeBoxGlobalStateObserver and SafeBoxStateListener allow global and per-instance tracking of SafeBox states. (#12)

---

Compatibility & Maintainability

• compileSdk bumped to 36
  Future-proofs SafeBox against the latest Android SDK changes. (#2)

• Safer BouncyCastle injection
  Now performed lazily and only when ChaCha20 is missing. Prevents overwriting host app crypto configs. (#1)

---

Benchmark Update

See the new performance benchmarks comparing v1.1.0 against EncryptedSharedPreferences.

Highlights include:

• 100x faster initialization
• 2x faster write throughput
• Better concurrency under heavy commit loads

---

Gradle Setup

implementation("io.github.harrytmthy-dev:safebox:1.1.0")

---

Crafted with care by Harry Timothy Tumalewa
If SafeBox made your app more secure or saved you time, please consider ⭐ starring the repo or sponsoring on GitHub!

SafeBox 1.1.0-rc01

What's new in v1.1.0-rc01

This release introduces stronger runtime security and concurrency guarantees, along with minor internal refactors to improve maintainability and forward compatibility.

---

Security Improvements

• XOR-based key masking
  SafeSecretKey now stores the DEK (Data Encryption Key) in a masked form inside off-heap memory. The original key is reconstructed only when needed and immediately wiped after use. (#23)

• On-demand Cipher initialization for AES-GCM
  AesGcmCipherProvider no longer holds a long-lived Cipher instance, reducing the risk of heap-retained sensitive material. (#28)

---

Concurrency Enhancements

• CipherPool
  SafeBox now uses a coroutine-friendly, bounded pool to safely reuse Cipher instances across threads. Prevents race conditions in read-heavy environments. (#25)

• Thread-safe key unmasking
  SecureRandomKeyProvider and SafeSecretKey now support parallel access by minimizing synchronized blocks and using atomic caching. (#26)

---

Internal Changes

• SafeBoxExecutor
  A reusable internal executor for background cryptographic tasks like pool scaling. Publicly accessible for custom use cases. (#30)

• Improved BouncyCastleProvider handling
  ChaCha20 now verifies provider capabilities and safely installs BouncyCastle only when needed. This avoids unintentional global provider overrides. (#1)

• compileSdk bumped to 36
  Ensures SafeBox remains compatible with the latest Android APIs. (#2)

---

This is the first release candidate in the 1.1.0 series. If no issues are reported, the final 1.1.0 release will follow shortly.

SafeBox 1.1.0-beta01

What's new in v1.1.0-beta01

• SafeBoxStateManager is now the internal authority for lifecycle tracking. It coordinates WRITING, IDLE, and CLOSED states in a centralized, thread-safe manner. Ensures consistent behavior across apply(), commit(), and closeWhenIdle() flows. (#17)
• Write guard after closure: Once SafeBox transitions to CLOSED, all subsequent write operations are ignored. Prevents late WRITING emissions and enforces clean shutdown behavior. (#19)

Behavior Changes

• The state will immediately jump from STARTING to WRITING if pending writes exist, skipping IDLE.
• Bulk or nested writes will hold the state at WRITING and emit IDLE only once all operations are complete.
• Write operations after closure are now silently ignored to maintain lifecycle integrity.

Docs & Migration

• No API changes were introduced.
• Internal lifecycle logic is fully documented in SafeBoxStateManager.kt.

---

If no major issues are found, rc01 will follow shortly.

SafeBox 1.1.0-alpha01

What's new in v1.1.0-alpha01

This alpha release introduces SafeBoxMigrationHelper: a safe and convenient way to migrate from EncryptedSharedPreferences or plain SharedPreferences to SafeBox.

SafeBoxMigrationHelper.migrate(from = oldPrefs, to = safeBox)

If you're evaluating or contributing to SafeBox, we’d love your feedback!

SafeBox 1.0.0

SafeBox is a fast and secure replacement for Android's SharedPreferences, built from the ground up with memory-mapped I/O and ChaCha20-Poly1305 encryption.

This initial 1.0.0 release marks the first stable version published to Maven Central.

Highlights

• High-performance storage using memory-mapped file access.
• Dual-layer encryption: AES-GCM key wrapping + ChaCha20-Poly1305 values.
• Designed for testability, composability, and modern Android architecture.
• Includes full Javadoc and source JARs for seamless IDE support.

Gradle Setup

implementation("io.github.harrytmthy-dev:safebox:1.0.0")

Authored with care by Harry Timothy Tumalewa

---

If you like this library or find it helpful, consider starring ⭐ the repo to support its visibility!