I'm using Jetpack DataStore in my Android application and want to ensure it's secure enough for storing sensitive data. Specifically, I have the following questions:
What encryption protocol does Jetpack DataStore use under the hood for its encryption capabilities?
AFAIK, DataStore does not offer encryption. Presumably, that is deemed to be something that you would handle at a higher level in your app. Also, having DataStore implement encryption would make it more difficult to offer DataStore across platforms, and right now DataStore supports at least Android and iOS.
Is the data stored in DataStore fully secure, or could it potentially be decrypted by an attacker?
All encrypted data can potentially be decrypted by an attacker. Even if you use key data that is not stored anywhere (e.g., a passphrase in the user's mind), there are ways to get that key data (e.g., application of a $5 wrench).
Does DataStore use Android's Keystore to manage and secure the encryption keys?
AFAIK, DataStore does not offer encryption.
Would you recommend using DataStore for sensitive data storage, or should I look into alternatives like EncryptedSharedPreferences?
I would not recommend EncryptedSharedPreferences, only because I do not know how long it will be supported.
Using DataStore for the actual storage should be fine, and you can encrypt/decrypt your data yourself. Or, if your data is a better match for a relational database, consider SQLCipher for Android.