[Android] Use old algorithms as default

westracer · westracer · commit fb5a38933821 · 2026-01-14T10:42:48.000+01:00
diff --git a/flutter_secure_storage/CHANGELOG.md b/flutter_secure_storage/CHANGELOG.md
@@ -1,7 +1,8 @@
 ## Fork
 
-* Enabled StrongBox by default, use fallback if it's not available.
+* [Android] Enabled StrongBox by default, use fallback if it's not available.
 * [Android] Method to check if an Android device supports Strongbox
+* [Android] Use old algorithms as default (migration to AES_GCM_NoPadding is broken and fails)
 
 ## 10.0.0
 This major release brings significant security improvements, platform updates, and modernization across all supported platforms.
diff --git a/flutter_secure_storage/lib/options/android_options.dart b/flutter_secure_storage/lib/options/android_options.dart
@@ -48,13 +48,13 @@ class AndroidOptions extends Options {
         'Your data will be automatically migrated to custom ciphers on first '
         'access. Remove this parameter - it will be ignored.')
     bool encryptedSharedPreferences = false,
-    bool resetOnError = true,
+    bool resetOnError = false,
     bool migrateOnAlgorithmChange = true,
     bool enforceBiometrics = false,
     KeyCipherAlgorithm keyCipherAlgorithm =
-        KeyCipherAlgorithm.RSA_ECB_OAEPwithSHA_256andMGF1Padding,
+        KeyCipherAlgorithm.RSA_ECB_PKCS1Padding,
     StorageCipherAlgorithm storageCipherAlgorithm =
-        StorageCipherAlgorithm.AES_GCM_NoPadding,
+        StorageCipherAlgorithm.AES_CBC_PKCS7Padding,
     this.sharedPreferencesName,
     this.preferencesKeyPrefix,
     this.biometricPromptTitle,
@@ -80,7 +80,7 @@ class AndroidOptions extends Options {
         'The Jetpack Security library is deprecated by Google. '
         'Remove this parameter - it will be ignored.')
     bool encryptedSharedPreferences = false,
-    bool resetOnError = true,
+    bool resetOnError = false,
     bool migrateOnAlgorithmChange = true,
     bool enforceBiometrics = false,
     this.sharedPreferencesName,
@@ -91,8 +91,8 @@ class AndroidOptions extends Options {
         _resetOnError = resetOnError,
         _migrateOnAlgorithmChange = migrateOnAlgorithmChange,
         _enforceBiometrics = enforceBiometrics,
-        _keyCipherAlgorithm = KeyCipherAlgorithm.AES_GCM_NoPadding,
-        _storageCipherAlgorithm = StorageCipherAlgorithm.AES_GCM_NoPadding;
+        _keyCipherAlgorithm = KeyCipherAlgorithm.RSA_ECB_PKCS1Padding,
+        _storageCipherAlgorithm = StorageCipherAlgorithm.AES_CBC_PKCS7Padding;
 
   /// EncryptedSharedPrefences are only available on API 23 and greater
   final bool _encryptedSharedPreferences;
