Sourced from flutter_secure_storage's releases.

v10.1.0

Android

• Added storageNamespace option to AndroidOptions for full namespace isolation across storage instances (SharedPreferences, KeyStore aliases, config/key storage). Use this instead of sharedPreferencesName when running multiple FlutterSecureStorage instances with different cipher configurations.
• Deprecated sharedPreferencesName in favor of storageNamespace, which provides complete isolation rather than data-only isolation.
• Added migrateWithBackup option to AndroidOptions for crash-resistant migration. When enabled, backup copies of encrypted data are created before migration starts, allowing recovery if migration fails or the app crashes mid-migration. Works in conjunction with migrateOnAlgorithmChange.
• Made KeyCipherAlgorithm and StorageCipherAlgorithm public enums.

Fixes:

• Fixed crash on biometric failure (not error).
• Fixed null safety issue in MethodRunner that could cause a crash on Android.
• Fixed config being overwritten on initialization.
• Fixed default Android key cipher not aligning with the Flutter default.

iOS / macOS

• Added useSecureEnclave option to IOSOptions and MacOsOptions to store keys in the device's Secure Enclave for hardware-backed security.

Fixes:

• Fixed kSecAttrSynchronizable being silently dropped when no access control flags are set.
• Fixed readAll not returning Secure Enclave items correctly.

v10.0.0

This major release brings significant security improvements, platform updates, and modernization across all supported platforms.

Android

Due to the deprecation of Jetpack Security library, the Android implementation has been largely rewritten with custom secure ciphers, enhanced biometrics support, and migration tools.

Breaking Changes:

• AndroidOptions().encryptedSharedPreferences is now deprecated due to Jetpack Crypto package deprecation
  • Migration will automatically happen due to migrateOnAlgorithmChange: true, which can also be set to false if not wanted.
• ResetOnError will now automatically be true, because most errors are unrecoverable due to key storage problems. It can still be disabled with resetOnError: false
• Default key cipher changed to RSA_ECB_OAEPwithSHA_256andMGF1Padding
• Default storage cipher changed to AES_GCM_NoPadding
• Minimum Android SDK changed from 19 to 23
• Target SDK updated to 36
• Migrated from deprecated Jetpack Crypto library to custom cipher implementation (Tink doesn't support biometrics)
• Migrated to Java Version 17

New Features:

• New named constructors: AndroidOptions(), AndroidOptions.biometric()
• AndroidOptions().migrateOnAlgorithmChange automatically migrates data to new ciphers when enabled
• Improved biometric authentication with graceful degradation when device has no security setup
• Migration tools for transitioning from deprecated encryptedSharedPreferences
• Enhanced error handling with proper exception messages for biometric unavailability

Fixes:

• Fixed biometric authentication on devices without security (PIN/pattern/password) - now gracefully degrades when enforceBiometrics=false
• Fixed storage cipher and key cipher pairing validation
• Fixed migration checks for encrypted shared preferences
• Fixed biometric permission handling
• Fixed exception when reading data after boot

... (truncated)

• 997c9c0 fix: release of v10.1.0
• f099e17 release of v0.3.0
• 34908ee release of v2.1.1
• 100ba67 fix: tests for secure enclave, doc clarification
• 1dcad37 fix: missing changelog entries
• 080b6bf Merge pull request #1107 from juliansteenbakker/dependabot/gradle/flutter_sec...
• aae82ce Merge branch 'develop' into dependabot/gradle/flutter_secure_storage/example/...
• e3521ee Merge pull request #1116 from juliansteenbakker/feat/linux-tests
• 24a0d6c feat: linux native tests
• b9ab979 Merge pull request #1093 from juliansteenbakker/feat/windows-tests
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)