Hello. I have an app which deals with sensitive user data. I want to cache api response so they can be reused on several screens and modification as well as deletion of some data can be handled locally. There are around 15 endpoints which return data. What is the secure way to keep data while app is open and clear everything when app is closed. Thanks

you could use a user provided pin/code to encrypt/decrypt the data. You can also set a cache timeout to remove stale data. Pin -> Pin + Salt = unique hash -> use hash to decrypt or encrypt

Thanks for the reply. But my question was more from architecture perspective regarding caching. Should i use file caching (save json to getCacheDir ) or somewhere else

what kind of data is it ? and how is it accessed ? how much of the data needs to be adapted to your domain ? you could file store the raw files but then you will need to convert it to your desired format every time you access it which will use cpu cycles fr each request. Alternatively, you could convert into a format understood by your domain and store it in datastore, or Room with SQLCipher or something similar.

I am also considering Room as an option. Because it will also help in data updation on different screens. Do you think Room will be the best option to handle data updation across app and clear everything when app is closed? For example, we have a list on first page and user updates or delete a field on some other page (3 screens deep in the hierarchy) OR is there any other recommended way if we only want to fulfill Local app updation purpose. To answer your question, data is related to finances.

Yes, you can use flows to reactively update other sections of your app seamlessly with Room, thus making it is a very elegant solution. One question still stands however, what is the expiry on the data ? 30 minutes ? 1 day ? You will need a mechanism to automatically update the data, as well as the ability to manually update.

Thanks for the answer i was looking for. Regarding data validity actually i will not sustain beyond application scope. So once the application is destroyed data will also be deleted.

Sounds like you need an in-memory storage then tbh. Don’t need to persist it somewhere. Our use case is not really the same, but we use for example MemoryCache from apollo-kotlin for our GQL cache. It gets cleared when the app is killed. You might wanna do the same thing?