Description
I updated flutter_secure_storage from version 9.2.4 to 10.0.0+. After the update, the app crashes completely on Android. The migration process fails to read the old data, which results in a NullPointerException when the app tries to access the storage. I successfully reproduced this issue using your official example app.
To Reproduce
Steps to reproduce the behavior using the example app:
- Run the example app using flutter_secure_storage:
^9.2.4.
- Add these exact
AndroidOptions:
AndroidOptions(
keyCipherAlgorithm: KeyCipherAlgorithm.RSA_ECB_OAEPwithSHA_256andMGF1Padding,
storageCipherAlgorithm: StorageCipherAlgorithm.AES_GCM_NoPadding,
resetOnError: false,
)
- Save some data in the app and close it.
- Upgrade the dependency to
flutter_secure_storage: ^10.0.0.
- Run the app again.
- The app crashes during migration with
IllegalBlockSizeException followed by NullPointerException.
Expected behavior
The library should migrate the data successfully without crashing the application. Using the resetOnError: true flag is not an acceptable workaround for my use case, because the encrypted data in my application is critical for its correct operation and simply cannot be lost or automatically deleted.
Device & Environment
- Samsung Galaxy S23+
- Android 16 (Rooted: No)
- Flutter Version: 3.38.7
Logs
2026-03-23 12:29:51.152 E Failed to decrypt key: VGhpcyBpcyB0aGUgcHJlZml4IGZvciBhIHNlY3VyZSBzdG9yYWdlCg_1774265231633266
javax.crypto.IllegalBlockSizeException: error:1e00007b:Cipher functions:OPENSSL_internal:WRONG_FINAL_BLOCK_LENGTH
at com.android.org.conscrypt.NativeCrypto.EVP_CipherFinal_ex(Native Method)
at javax.crypto.Cipher.doFinal(Cipher.java:2074)
at com.it_nomads.fluttersecurestorage.ciphers.StorageCipherImplementationAES18.decrypt(StorageCipherImplementationAES18.java:91)
at com.it_nomads.fluttersecurestorage.FlutterSecureStorage.decryptAllWithSavedCipher(FlutterSecureStorage.java:383)
[...]
java.lang.NullPointerException: Attempt to invoke interface method 'byte[] com.it_nomads.fluttersecurestorage.ciphers.StorageCipher.decrypt(byte[])' on a null object reference
Description
I updated
flutter_secure_storagefrom version9.2.4to10.0.0+. After the update, the app crashes completely on Android. The migration process fails to read the old data, which results in aNullPointerExceptionwhen the app tries to access the storage. I successfully reproduced this issue using your official example app.To Reproduce
Steps to reproduce the behavior using the
exampleapp:^9.2.4.AndroidOptions:flutter_secure_storage: ^10.0.0.IllegalBlockSizeExceptionfollowed byNullPointerException.Expected behavior
The library should migrate the data successfully without crashing the application. Using the
resetOnError: trueflag is not an acceptable workaround for my use case, because the encrypted data in my application is critical for its correct operation and simply cannot be lost or automatically deleted.Device & Environment
Logs