I wanna save a user's score that is retrieved from a server, locally, in order to reduce number of calls to the server.
However if I use SharedPreferences, it could be easily edited by the user. If I use a local database, it could also be changed if user has root access.
So is there any way to safely store data? Should I encode it?
Note that I can't check if local score equals server score, because it may be modified by the app.
A better way to enforce security while saving data in either to save it on your server and enforce security there. But, if you want it to be saved on local; then encrypt them and save them.
For sqlite encryption; https://guardianproject.info/code/sqlcipher/
is great. (link to project)
For saving files or blob data https://github.com/facebook/conceal may
help.
For saving simple key-value pairs in sharedprefs -
https://github.com/scottyab/AESCrypt-Android is useful
It is not good to save sensitive data such as user's personal information and/or passwords in shared preferences or raw sqlite database without encryption.
Related
Suppose i made an app which uses shared preferences,
will the data stored with shared preferences be deleted when user clears app storage?
if yes then what is alternative to store/retrieve important data faster which will not get erased by user?
i tried firebase-database, but it is lagging the speed/performance i require.
will the data stored with shared preferences be deleted when user clears app storage?
Yes.
what is alternative to store/retrieve important data faster which will not get erased by user?
Store it on a server.
i tried firebase-database, but it is lagging the speed/performance i require.
Then store it on a faster server, I guess. Or, use a local file as a cache, with the server acting as a backup location, should you need to restore the data at a later point.
I read shared preference is used as a session for small data storage. I would like to know , what are the way to manage session in android and which is more efficient and useful way to use session. please guide me.
It can be as simple as storing a datetime string lastUsedDate in SharedPreferences, and looking up lastUsedDate everytime the app's onCreate() is called and calculate the time passed since.
you can manage your session via api, you can store a value in shared preference when your app is lunched. This start a session when you store a value , when you need to close this session or log out just change your share preference value and update your api and your api return a value which define your app state
you can use your sqlite to store sessions..you can also make use of Bundle.
Before you can talk about the one most efficient in storing session, the data size will have to be considered.
Your data storage options are the following:
Shared Preferences
This stores private primitive data in key-value pairs.
Internal Storage
This stores private data on the device memory.
External Storage
This stores public data on the shared external storage.
SQLite Databases
This stores structured data in a private database.
Network Connection
This stores data on the web with your own network server.
you can also check here for more explanation
Im saving datas from my db/user into a gson formated ArrayList in SharedPreferences. Now my question :
Is it safe to save these datas (or data in general) into Sharedpreferences. Are users able to read these gson Arraylists out ? Maybe from SD card ,in a folder or somewhere else.
Thank you !
They are stored as xml files in your app directory, with permissions that allow only your app to access them. But on rooted device they are easily accessible. If you are concerned with security then you may use encryption, those projects might be usefull to you:
https://github.com/rtoshiro/SecureSharedPreferences
https://github.com/sveinungkb/encrypted-userprefs
still those projects does not give you 100% guarantee, hacker may decompile your apk and find keys used to encrypt shared preferences. So if your data is of use only for short time then remember to remove it from your device once user has finished using it. You may for example keep data on server and download it only when needed, caching locally only for short time - when its needed.
SharedPreferences is just a file located in phone private memory. So user can't access it but root can. Root can everything and many users have root's nowadays. You shouldn't store fragile data there
Android SharedPreference security
You can read all shared preferences Data
The SharedPreferences class provides a general framework that allows
you to save and retrieve persistent key-value pairs of primitive data
types.
To see the information in the store you need to know the important thing from the data. This will make reading through the information super easy. But as simple as it's to keep a tiny bit of data as difficult it's to keep and browse large structured data since you need to define key for every data, in addition you can't really search inside the data except you've got a certain concept for naming the secrets.
Please read Android SharedPreference security
I know this topic has been discussed before on Stack Overflow. But there are still some things that are not clear when I read previous posts about it. So here they are:
I know that we use shared preference for small datasets and sqlite for large data manipulation, so if we just want to save a username and password should we use shared preferences?
Won't shared preferences be lost when user uninstalls the app? For example I download an app called abc and save my username and password. Then I uninstall this app from one phone and try to access it from other phone using the same username and password. Will this be saved using shared preferences or the data be lost?
What are the main reason we use one over the other beside large and small datasets?
You can think of the difference between shared preferences and an SQLite database in terms of data size but that isn't entirely accurate. A better way to think of it is in terms of the structure of the data you want to store.
Shared preferences can only store key-value pairings whilst an SQLite database is much more flexible. So shared preferences are particularly useful for storing user preferences, e.g. should the app display notifications etc. Whilst an SQLite database is useful for just about anything.
Both data sources are local but something you should be aware of is the ability to backup your application data to cloud storage that is linked to the user's Google account. This makes it much easier for your users to change devices and for their applications to easily transfer to the new device. For more info take a look here.
In the situation you described about you will lose the user name and password in both situations. The data is stored on the phone, when you uninstall the application, the data that some with it will also be lost. The user will have to re-enter this information.
You can save the user name and pass in either the shared Preferences or a DB, that is personal preference. Just make sure you lock either down, i.e. don't share the DB or Shared Preferences that you keep this information in.
As for the difference... shared Preferences should hold well... shared Preferences... here is an example:
If I create an option to change the background color, I will store all available options in a DB that can be loaded into a adapter view for the user to choose from. But I will store the color that they have selected in the Shared Preferences. This way when the application load I can get the Shared Preference value of the background color that should be used.
SharedPreferences is used for just that, storing user preferences shared application-wide. You can use it, for example, to store a user's username, or perhaps some options he or she has configured in your app in which you want to remember.
SQLite is a relational database. It's used to store your application's data, not preferences or configuration information.
Both are stored locally on the device.
1.SharedPreferences stores only Boolean, int, float, long, String five kinds of simple data types, such as can not be conditional query. So, whether SharedPreferences data storage operation is how simple it can only be a supplement of storage, but can not completely replace other data such as the SQLite database is stored.
2.SharedPreferences based on the XML file to store key-value key used to store configuration information(mainly user preference for your application).
3.Sharedprefrece just like cookies in web which store some basic information at client side.
both store their data locally, so uninstalling the app will delete both. other than that, SharedPreferences is easier to program, and you're right about the data amounts.
In general, shared preferences should be used if you want to allow your user to directly manipulate certain data fields. Shared preferences are basically user preferences; if you would like the user to reconfigure the app to behave in different ways, you should expose that functionality as a shared preference. On the other hand, the SQLite database should be used if you want to limit the visibility of the data to just the application, if you want a stronger guarantee that the data be persistent, and if you want the application to behave independently of what is stored in the database. Of course, you can use both in one application.
Shared preferences and the database are part of local data that the application stores. If you uninstall the application, both of the data stores will be removed.
Actually i want to know how to store data from my app in the device so that i can review the store data when i run the application again..
means in simple terms i want to say that suppose i have text box where i write some information..now when i click the submit button, this information will be save,so that when i open the application the stored data should be appear in the text box..
In all terms i want to say that i just want to stored data in the way that we are using database for storing data..so please anyone suggest me how that can be done in android.
if possible show with an example
Regards
Anshuman
If you have to store small amount of data, you can use SharedPreferences in Android.
If the data that you have to store is big/complex enough, try using SQLite database.
Still need help?
UPDATE: There's a tutorial that I wrote to demonstrate how to use SQLite database. check it out here. Although it copies existing database into device's memory, but other versions of it, which create database through code can also be devised from it.
A better tutorial is here : http://www.vogella.com/tutorials/AndroidSQLite/article.html
1) If you want to store data in table format then you can use SQLite database in android
2) If you don't want to store data in table format then you can store in SharedPreference
more info about SharedPreference here and here
Android comes with a built in SQLite database that you can use. I advice you to go trough this notepad tutorial. It teaches the basics of using Android SDK including different states of the android application as well as how to use SQLite with Android.
For storing simple key = value pairs, you can use Properties.
For data storage as in a database, you can use sqlite on android.
Android provides several options for you to save persistent application data. The solution you choose depends on your specific needs, such as whether the data should be private to your application or accessible to other applications (and the user) and how much space your data requires.
Your data storage options are the following:
Shared Preferences
Store private primitive data in key-value pairs.
Internal Storage
Store private data on the device memory.
External Storage
Store public data on the shared external storage.
SQLite Databases
Store structured data in a private database.
Network Connection
Store data on the web with your own network server.
Data Storage