diff --git a/patches/enable-secure-storage.patch b/patches/enable-secure-storage.patch
new file mode 100644
index 00000000..78fea235
--- /dev/null
+++ b/patches/enable-secure-storage.patch
@@ -0,0 +1,26 @@
+diff --git a/mobile/android/fenix/app/src/main/java/org/mozilla/fenix/components/BackgroundServices.kt b/mobile/android/fenix/app/src/main/java/org/mozilla/fenix/components/BackgroundServices.kt
+index 1e64545a12..d036ff0949 100644
+--- a/mobile/android/fenix/app/src/main/java/org/mozilla/fenix/components/BackgroundServices.kt
++++ b/mobile/android/fenix/app/src/main/java/org/mozilla/fenix/components/BackgroundServices.kt
+@@ -107,7 +107,7 @@ class BackgroundServices(
+ // Enable encryption for account state on supported API levels (23+).
+ // Just on Nightly and local builds for now.
+ // Enabling this for all channels is tracked in https://github.com/mozilla-mobile/fenix/issues/6704
+- secureStateAtRest = Config.channel.isNightlyOrDebug,
++ secureStateAtRest = true,
+ )
+
+ @VisibleForTesting
+diff --git a/mobile/android/fenix/app/src/main/java/org/mozilla/fenix/components/Core.kt b/mobile/android/fenix/app/src/main/java/org/mozilla/fenix/components/Core.kt
+index cfbdaba62c..527bc82177 100644
+--- a/mobile/android/fenix/app/src/main/java/org/mozilla/fenix/components/Core.kt
++++ b/mobile/android/fenix/app/src/main/java/org/mozilla/fenix/components/Core.kt
+@@ -666,7 +666,7 @@ class Core(
+ SecureAbove22Preferences(
+ context = context,
+ name = KEY_STORAGE_NAME,
+- forceInsecure = !Config.channel.isNightlyOrDebug,
++ forceInsecure = false,
+ )
+
+ // Temporary. See https://github.com/mozilla-mobile/fenix/issues/19155
diff --git a/scripts/patches.yaml b/scripts/patches.yaml
index 24e4d4b3..33b302e0 100644
--- a/scripts/patches.yaml
+++ b/scripts/patches.yaml
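Review bot: Nothing in these two hunks shows what happens to values that existing installs already wrote in plaintext once `secureStateAtRest = true` and `forceInsecure = false` apply on every channel. Before this ships, confirm that the storage classes behind both flags copy existing plaintext entries into the encrypted store on first run and then delete the plaintext copy. Otherwise an upgrade presumably either signs the user out and loses whatever `KEY_STORAGE_NAME` holds, or leaves the old cleartext file on disk. Also check the failure path when the Keystore key is no longer available (for example after app data is restored onto another device), since these hunks show no fallback. The context comment `// Just on Nightly and local builds for now.` stays in the patched BackgroundServices.kt and becomes untrue; if the patch is meant to stay minimal for rebasing, say so in the patch description, and note that both enclosing functions begin and end outside the hunks.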
@@ -433,6 +433,13 @@ patches: effect: "Protects users against total compromise of any and all cryptographic security." category: "Security" + - file: "enable-secure-storage.patch" + name: "Enable Secure Storage" + description: "Enables the use of encrypted storage (via Android's Keystore system: https://developer.android.com/privacy-and-security/keystore) for Firefox account state and certain preferences." + reason: "To improve privacy and security for users, by leveraging Android's Keystore system for storing certain data." + effect: "Protects users against unauthorized use/compromise of their data." + category: "Security" + # User Control - file: "enable-secret-settings.patch" name: "Enable Secret Settings"
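Review bot: The `effect` string promises more than the patch delivers: `Protects users against unauthorized use/compromise of their data.` reads as a general guarantee. The patched code only switches account state and the `KEY_STORAGE_NAME` preferences to encrypted storage at rest, and the comment in BackgroundServices.kt limits that to API level 23 and above. Suggest scoping it, e.g. `effect: "Keeps Firefox account state and the key-storage preferences encrypted at rest on API 23+."`, and naming the affected preferences in `description` instead of `certain preferences`.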