Usage of Shared Preferences in android library projects is allowed?I am trying to work on rating bar but i am not sure whether i can use Shared preferences to write that.
If you have a Context, supplied to you by the app that is using your library, you can use SharedPreferences.
However, you need to be a bit careful to ensure that you do not accidentally try using the same keys as the app might use. You might consider using a unique SharedPreferences file, rather than getDefaultSharedPreferences().
Related
My flutter app has a native component to it. This native component is using platform.invokeMethod. In this native component I save a few things to shared prefs using the code
sharedPreferences = getSharedPreferences("foo", Context.MODE_PRIVATE)
sharedPrerences.putString(...
Now, I want to read from this shared preference file from my flutter / dart code. But the API does not have a way for me to specify the shared preference file name (foo). I can only do this
SharedPreference.getInstance().getString(..
How do can I solve this?
I'm assuming you are using the Shared Preferences-plugin on the Flutter side. That only accesses a single file whose name is hard-coded in the plugin.
Instead of saving the preferences in the native android side, you could instead return them from the invokeMethod to Flutter, and then use the plugin to save them.
And - although not the most elegant solution - you could write the preferences on the android side into the same file the plugin is using: "FlutterSharedPreferences". This would probably involve also calling reload on the flutter side after the write to make the plugin refresh its local values.
I am using RoboGuice in my application, and i've grown a custom to creating multiple shared preferences files so that each file plays its own role, and contains only small number of keys
however, ever since i started using RoboGuice, it injects my sharedPreferences objects with a single default file.
Is it possible to somehow direct roboguice into creating multiple files ?
Haven't use RoboGuice forever, but back in a days this was the way:
https://code.google.com/p/roboguice/wiki/ProvidedInjections#Shared_Preferences
I've a android library which is called from an App. I want to access App's version from library project. Is it possible at all?
EDIT: I don't control the calling app. I need some way to get calling app's version from library.
If you pass the context information, you should be able to use
PacketManager yourPacket = context.getPackageManager();
which gives you oodles of information.
One option you have to is get the apps version from your own app itself, and then make it available "manually" to the library by storing it in some sort of shared storage like a WORLD_READABLE file, or on the SDcard or something.
Or perhaps depending on the library, and how much you are able to modify it you could also use some sort of Static object to hold the data for you.
I'm using PreferenceActivity to let Android handle some persistent key/value pairs for my app.
According to the Android Preference docs :
Note that saved preferences are accessible only to the application that created them.
However, when further researching the security and permissions aspect of preferences, I come across questions like this one:
Android: Retrieving shared preferences of other application
where some users are saying that preferences may be made world readable and world writeable and that they are successfully able to access them across applications.
So my question is:
Are preferences inalienably inaccessible across applications or do I have to take precautions to make them so?
Note: I'm am not trying to use preferences to share data among apps. Quite the opposite - I want to know that any preferences my users set are secure from inspection/alteration by other apps.
From the above answers and comments, it looks to me like the android developer docs on this subject are a bit misleading.
I even found another place where the developer docs state explicitly that settings are not accessible across apps:
(Note that it is not possible to share settings data across application packages -- for that you will need a content provider.)
Reference to the above quote it here: http://developer.android.com/reference/android/app/Activity.html#SavingPersistentState
But the responses from #shruti and #raman-bhatia (thanks guys!) both support the fact that settings can be configured to be shareable across apps, as does the SO query I referenced in the question.
The clincher was finding this SO query: Difference between getDefaultSharedPreferences and getSharedPreferences which shows how it the default shared preferences file is initially configured as private.
Thanks to all. The answer is that the docs are misleading in that preferences can be coerced to being shareable across apps, but that PreferenceActivity will by default create a secure shared preferences file visible only to the components of the app from which originated.
There are modes associated with the shared preferences that you get to define when you create them.
For example, you can make them as "World Readable" or "World Writable" if you want the rest of the applications on your device to be aware of them.
You can thus use your own flags to adjust the transparency of the shared preferences that you create
Im currently developing a framework for oAuth 1 and 2 access to webservices and my question is, how do i store sensitive data like an oAuth access key in a secure way?
the problem with this keys is that some platforms like twitter use a permanent key and if someone would get access to this key he could do whatever he wants with the users twitter account..
so is it possible to automatically encrypt the data before it is stored in the shared preferences? Or is there a better way/place to store very important data?
UPDATE - ALSO READ: What is the most appropriate way to store user settings in Android application
You can also have a look at this class I made for doing exactly this: https://github.com/sveinungkb/encrypted-userprefs
It uses AES instead of the deprecated and weak DES used in the other suggestion.
1). How to encrypt?
On Android the encryption is done via Java Cryptography Architecture (JCA). Mainly it is the javax.crypto.* package.
JCA Reference Guide
Here is an example of JCA API usage (AES alrorithm in particular).
2). Where to store?
Encryption API manipulates with byte arrays (not strings). This means you can use SharedPreferences, but you'll need to apply Base-64 encoding on the encrypted byte array before putting it into SharedPreferences (otherwise XML parser will fail to read the shared preferences file). Then to read you will need to use Base-64 decoding. Note that by default most Android OS versions do not have a built in Base-64 API (see UPDATE section). So to remove this Base-64 overhead I would recommend just to store your bytes in a private file.
UPDATE: Since API Level 8, the API has android.util.Base64.
I would recommend using Facebook Conceal for encryption on Android almost every time - it's a fast Android library that makes some really sane decisions and leaves you with a few, simple interfaces for actually doing the work.
Bonus! I have recently pieced together the puzzle of how you can use it from Xamarin - see my article on securing your C# app's data using conceal for more information.
You should take a look at Slink.
I came to realize that most of the SharedPreferences encryption tools use encryption for each action you make, meaning that each key-value pair is saved only after both key and value been encrypted, separately. This creates a big performance overhead.
So I searched for a library that will give me a more efficient encryption process and I found Slink. Slink uses Facbook's Conceal library to save the entire map of objects as a whole, making it the most efficient and fast SharedPreferences encryption solution. It also uses common Android's SharedPreferences interfaces, which makes the usage extremely easy and almost seamless.
Disclaimer: I'm part of the development team developing this library.
See duplicate: Obfuscate/Encrypt SharedPreferences file possible?
Hi, I've created a SharedPreferences implementation using AES
encryiption. The project is a maven module. If you need one, take a
look. https://github.com/kovmarci86/android-secure-preferences
Try using our https://github.com/BottleRocketStudios/Android-Vault Vault component. It will use Android's Keystore (on supported devices) or an Obfuscation technique to encrypt values in a SharedPreference file and implements the SharedPreference interface, so it is largely a drop-in replacement.
new encryption introduce by facebook - conceal Encryption.. easy to use
https://github.com/afiqiqmal/ConcealSharedPreference-Android
This article on codeproject contains a nice wrapper for the shared prefs. However the class name SecurePreferences is misleading something like ObfuscatedPreferences would be more appropriate.
There is an Android Library that uses Facebook Conceal to encrypt data.
https://github.com/rtoshiro/SecureSharedPreferences
Maven Central:
compile 'com.github.rtoshiro.securesharedpreferences:securesharedpreferences:1.0.+'
You can encrypt the data in preferences and keep the encryption key in the Android Keystore system. This way your encryption key would also be safe.
You can look into a library doing this
https://github.com/ophio/secure-preferences