I'm looking for a way to be able to encrypt all data written to the WebView cache. Since it has been deprecated, I am attempting to avoid using the CacheManager. My current strategy would be to catch all attempts to write to cache and encrypt the data just prior to writing it and to catch all requests for data from the cache so that I can decrypt the data before returning the data requested.
I guess it is possible to encrypt all your data. But it is probably better practice and security to just clear the data it after use. You are correct that you should not use CacheManager because it is deprecated.
Android Security designs recommends clearing the cache:
If your application accesses sensitive data with a WebView, you may want to use the clearCache() method to delete any files stored locally. Server side headers like no-cache can also be used to indicate that an application should not cache particular content.
from here: http://developer.android.com/guide/practices/security.html
But if you want to encrypt the data you will have to do it manually. So you would need to go to the directory where Android stores its cache and encrypt it yourself. There are different ways to do this depending on what you are trying to accomplish. How and when you do that will be up to you.
Off the top of my head, if you are trying to make a web browser application. the best way to do this is to create a wrapper class for the CookieStore or CookieManager class which could be found here:
http://developer.android.com/reference/java/net/package-summary.html
I hope this helps
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With