According to the AS3 language reference:
Data in encrypted local storage is protected by the credentials of the operating system user account. Other objects cannot access data in the repository if they cannot log in as a user. However, the data is not protected from access by other applications executed by an authenticated user. Therefore, data that your application may hide from users, such as keys used to license or manage digital rights, is not secure. ELS is not a suitable place to store such information. This is just the right place to store user personal data, such as passwords.
Some notes on encryption:
AIR uses DPAPI for Windows, KeyChain on Mac OS and iOS, and KeyRing or KWallet on Linux to associate an encrypted local store with each application and user.
Encrypted local storage uses 128-bit AES-CBC encryption.
On Android, the data stored in the EncryptedLocalStore class is not encrypted.
To summarize:
- If someone can log into a user account, they can access EncryptedLocalStore
- EncryptedLocalStore is managed by the operating system, not AIR
- Data is encrypted, but not on Android
If you want to hack such a repository, you will have to:
- Get repository content
- Break encryption (which is pretty good)
- Find the specification for parsing such a data repository
- Write your own data reader
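The Android caveat above, turned into a guard, as an added example that is not part of the original answer: the helper stores a user's password in ELS only where the platform encrypts it. The class name `UserSecretStore`, the item name `userPassword` and the policy of refusing to store on Android are assumptions made for illustration.

```actionscript
package {
    import flash.data.EncryptedLocalStore;
    import flash.system.Capabilities;
    import flash.utils.ByteArray;

    // Hypothetical helper: keeps a user's password in ELS only on
    // platforms where the store is actually encrypted at rest.
    public class UserSecretStore {
        private static const KEY:String = "userPassword"; // assumed item name

        // Capabilities.version begins with the platform code; "AND" is
        // Android, where ELS data is stored unencrypted.
        public static function get encryptedAtRest():Boolean {
            return EncryptedLocalStore.isSupported
                && Capabilities.version.indexOf("AND") != 0;
        }

        // Returns false (and stores nothing) when the platform would keep
        // the value in the clear, so the caller can prompt each time instead.
        public static function save(password:String):Boolean {
            if (!encryptedAtRest) return false;
            var bytes:ByteArray = new ByteArray();
            bytes.writeUTFBytes(password);
            EncryptedLocalStore.setItem(KEY, bytes);
            return true;
        }

        // Returns null when nothing is stored or the platform is refused.
        public static function load():String {
            if (!encryptedAtRest) return null;
            var bytes:ByteArray = EncryptedLocalStore.getItem(KEY);
            return bytes ? bytes.readUTFBytes(bytes.length) : null;
        }

        // Removes the item, including any value left by an older build.
        public static function clear():void {
            if (EncryptedLocalStore.isSupported) {
                EncryptedLocalStore.removeItem(KEY);
            }
        }
    }
}
```

Even where `save()` succeeds, the value is readable by any other process running as the same OS user, so this is suitable for the user's own credentials and not for license or DRM keys.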