How to secure SharedPreferences data in my application?.
I use 2 step for this but in Security Audit hacker are able to hack my data.
1 Step-
SharedPreferences sharedPreferences = context.getSharedPreferences(context.getPackageName(), Context.MODE_PRIVATE);
SharedPreferences.Editor editor = sharedPreferences.edit();
editor.putString("key", value);
editor.commit();
2 Step- Use SecureSharePreferences
SecurePreferences securePrefs = new SecurePreferences(context, "key", "my_user_prefs.xml");
SharedPreferences.Editor editor =securePrefs.edit();
editor.putString(key, value);
editor.commit();
Any other method to handle this.
After read some Answer I update my code with encrypt data but problem still exist.Security auditor still getting application sharedpreference.file from app memory.
SharedPreferences sharedPreferences = context.getSharedPreferences(context.getPackageName(), Context.MODE_PRIVATE);
String keyEncript = EncriptionDecriptionUtils.encriptionOfData(key).toString().trim().replaceAll("\r\n", "");
String value = sharedPreferences.getString(keyEncript, "").trim().replaceAll("\r\n", "");
String valuedecript = EncriptionDecriptionUtils.decriptionOfData(value).toString().trim().replaceAll("\r\n", "");
return valuedecript;
You can encrypt & decrypt the shared preferences data using AES algorithm.If you open shared preferences explicitly you will get encrypted information only.For your reference look into this Securing SharedPreferences Data using AES algorithm
On a rooted phone, it can access the shared preferences for your app. Also, on any phone the user can delete all the data that it's stored in shared preferences by clearing the cache in the application manager. A safe way to store data would be to encrypted it with AES and save it in a text file in the root folder of your app.
Related
The app I am developing should know if the user/android* has cleared cache or clear data , so that I logout the user. How to do this? How to find out if user has cleared cache?
Can the android OS clear the cache of an app by itself (without human intervention)?
Use SharedPreference to store value in Application cache
SharedPreference prefs = getSharedPreferences("UserInfo", 0);
SharedPreferences.Editor editor = prefs.edit();
editor.putString("username", username);
editor.putString("password", password);
editor.commit();
when App started Retrieve data from SharedPreference
SharedPreference prefs = getSharedPreferences("UserInfo", 0);
String username = prefs.getString("username","");
String password = prefs.getString("password","");
if cache is cleared SharedPreference also cleared.so you have to make a condition like if username and password empty means not enter Application.
I tried to append the data in shared preference file by using
SharedPreferences sharedPreferences = getSharedPreferences("myData", MODE_APPEND);
SharedPreferences.Editor editor = sharedPreferences.edit();
editor.putString("name", userName.getText().toString());
editor.putString("password", password.getText().toString());
editor.commit();
But I found that new value overwrites the old value. Will you help me to fix this issue?
MODE_APPEND doesn't mean that you add multiple values for each key. It means that if the file already exists it is appended to and not erased . We usually used MODE_PRIVATE.
As for saving multiple names and passwords, you can take a look at putStringSet(string key Set<String> values Method.
You can save the for each key a set of string values. You can separate the username and password by some special character or string. You may even serialize an object to json.
So basically what you need to do is:
Get the list of values from Shared Preferences
Append the current value to the list.
Save the List back to Shared Preferences.
I saw this on stack Need to save a high score for an Android game
This is what it told me
//setting preferences
SharedPreferences prefs = this.getSharedPreferences("myPrefsKey", Context.MODE_PRIVATE);
Editor editor = prefs.edit();
editor.putInt("key", score);
editor.commit();
//getting preferences
SharedPreferences prefs = this.getSharedPreferences("myPrefsKey", Context.MODE_PRIVATE);
int score = prefs.getInt("key", 0); //0 is the default value
I was wondering, should "key" be the string where the highscore is located? and does it matter what i name my prefs key.
Thanks for your time.
The Android Developers documentation is an excellent place to start with any question like this. SharedPreferences can be found here. SharedPreferences is a simple Key-Value pair storage, so if you put an int into your shared preferences as with the key "high score", then in the future, if you want to get that int, you need to use prefs.getInt("high score"). It doesn't matter what you name your keys, but it is generally good practice to use private static final string variables to store keys you will use on a regular basis.
You can name the string whatever you like. Click here for documentation. You can name it anything from "foo" to "bar".
I have several apps which use the same accout.
The question is when i had more than one apps installed in my phone,how can i login without type username and password if one of the app had logged in.
See below reference code which is having app1 & app2, so using shared preferences suppose you can store username & password in app1 & you can using it in another app2. Here I'm shwing how to access username, you can expand it as per your requirement.
Okay! using this code in Application 1 ( with package name is "com.sharedpref1" ) to store data with Shared Preferences.
SharedPreferences prefs = getSharedPreferences("demopref",
Context.MODE_WORLD_READABLE);
SharedPreferences.Editor editor = prefs.edit();
editor.putString("username", strShareValue);
editor.commit();
And using this code in Application 2 to get data from Shared Preferences in Application 1. We can get it because we use MODE_WORLD_READABLE in application 1:
try {
con = createPackageContext("com.sharedpref1", 0);
SharedPreferences pref = con.getSharedPreferences(
"demopref", Context.MODE_PRIVATE);
String data = pref.getString("username", "No Value");
displaySharedValue.setText(data);
} catch (NameNotFoundException e) {
Log.e("Not data shared", e.toString());
}
I think, you could use Database for storing username and password, and share the database among your multiple apps, settings some field like is_logged_in with boolean value 1 when user is loggedin. On app launch, access the database, check for the field is_logged_in and display appropriate logged in view.
the Html parse is very slow, so I thought of storing a static text within the sharded preferences to access it faster. Is it possible to store this somehow and retrieve it, so that it can be set without usage of Html.fromHtml?
This way I would just parse the file one time. Once it is in cache it should be much faster, if no parsing is required.
Yes you can store Static string in shared preferences.
Here is code which may help you..
SharedPreferences sharedPref = getPreferences(Context.MODE_PRIVATE);
SharedPreferences.Editor editor = sharedPref.edit();
editor.putString(YOUR_KEY, YOUR_STATIC_STRING);
editor.commit();