My encryption/decryption code works perfectly fine up to Android 5.x, but on Android 6 Marshmallow the code doesn't work anymore. The root cause seems to be that the keysize changes from 32 bytes (Android 5) to 16 bytes (Android 6). It seems that the NetFxCrypto.DeriveBytes.GetBytes method does not return the correct number of bytes on Android 6.

I am using the following code to derive the keymaterial (the salt has 8 bytes):

// Returns 32 bytes on Android 5 and 16 bytes on Android 6.
private byte[] deriveKeyMaterialFromPassword(string password, byte[] salt)
{
    const int numIterations = 500;
    return NetFxCrypto.DeriveBytes.GetBytes(password, salt, numIterations, 256 / 8);
}

Further information

Android 5 device: Google Nexus 4 (Android version 5.1.1)
Android 6 device: Google Nexus 5 (Android version 6.0.1)

Possibly related links

According to this post on stackoverflow, the default crypto provider was changed in Android 6 from "BC" to "AndroidOpenSSL":

• http://stackoverflow.com/a/34307500

I could not find any official information about this, however. But I have found a related bug report in the Google Android bugtracker:

• Triple DES Encryption generating different Output (https://code.google.com/p/android/issues/detail?id=189292)