NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0624:  Addition of DataStore for Storing and Setting Configuration Options

Publication Date
2022.02.28

Protection Profiles
PP_APP_v1.4

Other References
FMT_MEC_EXT.1

Issue Description

FMT_MEC_EXT.1, in PP_APP_v1.4, states that the application must only use the mechanisms recommended by the platform vendor for storing and setting configuration options. In the Evaluation Activity section, it lists the following permissible mechanisms on Android:

1. SharedPreferences

2. PreferenceActivity

Since the SFR was written, Android has come out with a new mechanism called DataStore [0]. They recommend using DataStore instead of SharedPreferences because it's asynchronous, consistent, and transactional. It also supports protocol buffer based schemas, which provide type safety.

Resolution

This TD has been superseded by TD0747 on 6 Sep 2023, and is now archived.

In PP_APP_v1.4, under section FMT_MEC_EXT.1 Supported Configuration Mechanism, the Evaluation Activities, Tests is modified as follows, with strikethroughs denoting deletion and underlines denoting additions:

Platforms:Android...

The evaluator shall run the application and make security-related changes to its configuration. The evaluator shall check that at least one XML file exists at location /data/data/package/shared_prefs/ (for SharedPreferences )  and/or  /data/data/package/files/datastore (for DataStore) reflects the changes made to the configuration to verify that the application used SharedPreferences and/or PreferenceActivity classes for storing configuration data, where the package is the Java package of the application. For SharedPreferences the evaluator shall examine the XML file to make sure it reflects the changes made to the configuration to verify that the application used SharedPreferences and/or PreferenceActivity to store the configuration data. For DataStore the evaluator shall use a protocol buffer analyzer to examine the file to make sure it reflects the changes made to the configuration to verify that the application used DataStore to store the configuration data.

Justification

Since the SFR was written, Android has come out with a new mechanism called DataStore. It is recommend using DataStore instead of SharedPreferences because it's asynchronous, consistent, and transactional. It also supports protocol buffer based schemas, which provide type safety. The Evaluation Activity is updated to reflect this.

 
 
Site Map              Contact Us              Home