I understand that the next version of the Androidx security-crypto library will support back to API 21 and that the current one only supports back to API 23. The reason behind this is that the Android Keystore is only available on API 23+.
Since below API 23 the keys cannot be stored in the key store, I'm presuming they must be stored in the app's private directory (I traced the create
call into Tink but couldn't find where it makes this decision). I can see the value for EncryptedFile since you might store it outside the private app directory, but am I correct that you get no additional protection for using EncryptedSharedPreferences below API 23?