hello everyone, i have a question: I'm using

androidx.security:security-crypto:1.0.0

that gives me

EncryptedSharedPrefs

in my Android project. One day, I would like to use

androidx.security:security-crypto:1.1.0-alpha6

, but since it is "alpha" (not stable), i'm doing that under a feature flag. With that particular feature flag, I'm going to switch from

EncryptedSharedPrefs-1.0.0

to

EncryptedSharedPrefs-1.1.0-alpha6

. How? • I've created 3 subprojects: ◦

:core:secure-storage:alpha

that declares dependency

implementation(androidx.security:security-crypto:1.1.0-alpha6)

◦

:core:secure-storage:stable

that declares dependency

implementation(androidx.security:security-crypto:1.0.0)

◦

:core:secure-storage:data

that declares 2 internal dependencies

api(:core:secure-storage:alpha)

and

api(:core:secure-storage:stable)

• next, in each subproject I've implemented the helper interface to the

EncryptedSharedPrefs

in terms of the following classes: ◦ in

:core:secure-storage:alpha

I provide

AlphaSecureStorage

wrapper class and expose

sharedPrefs: EncryptedSharedPrefs

property from it ◦ in

:core:secure-storage:stable

I provide

StableSecureStorage

wrapper class and expose

sharedPrefs: EncryptedSharedPrefs

property from it • next, in

:core:secure-storage:data

I'm exposing

sharedPrefs: EncryptedSharedPrefs

as follows:

val sharedPreferences by lazy(NONE) {
  if (featureFlag) {
     AlphaSecureStorage().sharedPreferences
  } else {
     StableSecureStorage().sharedPreferences
  }
}

• in any other subproject (production subprojects) I just declare the dependency on

:core:secure-storage:data

only and use its

sharedPreferences

property. ===== In the successfully built APK i see both classes from

1.1.0-alpha6

and

1.0.0

in

classes*.dex

files. I checked the slight differences between these 2 versions and actually see classes from both versions. Now the Questions: 1. Based on that fact, can I expect that my intention - to switch feature flag and expect either

1.1.0-alpha6

functionality or

1.0.0

to run - will work? 2. Would there be some implicit substitution (by Gradle or whatever) from

1.0.0

to

1.1.0-alpha6

(more newer), which i would be able to detect? 3. Why there is no build error "Duplicating classes", is that expected? a. If i would have added both

androidx.security:security-crypto:1.1.0-alpha6

and

androidx.security:security-crypto:1.0.0

as either

api

or directly to the

:core:secure-storage:data

, then i would have expected build error "Duplicating classes", right? b. But since there is a successful build, then everything is okay and will work as expected? Thank you

I would guess this is something highly Android-specific. Gradle in a normal project would not give duplicate class error, but resolve such a version conflict by selecting the higher version and never have the same library twice unless also the coordinates are different and not only the version.

Thank you for quick reply What should i check to validate the solution? Something in dependency tree or build scan?

I have no idea, I'm not into Android development