I'd like to develop an app which need some data persistency. For some reason, I don't want to use database. And I'd like something similar to the shared preference. But only have one more requirement:
I hope my data can be persistent across installation. That means even the app uninstalled the data still be stored in Android system safely.
Are there any suggestions? Thanks
P.S.: In iOS, I use the keychain.It works perfectly.
The only solution I can think of to ensure non-removal on uninstallation is to write a file somewhere on the external storage. However this is (a) insecure (b) prone to other issues such as users deleting it.
If you are worried about persisting data on upgrades then using a database with a ContentProvider you can achieve this fairly easily. Shared Prefs are only really meant for a small number of small values/primitives.
There is also the option of storing something remotely, with a web service if it fits with whatever need you have to retain data when uninstalled/reinstalled.
The majority of questions like yours indicate an issue somewhere else in the way your application is architected, if you provide more detail people here may give you a better solution
The only way I can think of doing it is syncing the data with the cloud and restoring it if the user reinstalls the app. You may want to look at leveraging the BackupManager.
Related
I'm using Shared Preferences. Is there a better/safer way to save the user score?
You have multiple choices:
Shared preferences file is the one you are now using. It's usable and nice key-value store, but should be used only for settings type data. Maybe for username, score, etc. Nothing too complicated.
Saving files in Android's file system is better choice for your problem. How ever, you wanted to secure the file, so that user can't modify it.
Using databases managed by SQLite is bit heavy solution for this kind of stuff, but once setup, is easy to use and harder for everyday cheaters get theirs hands on the data. However, i think this is bit overkill for that kind of data.
Remote Server, Keep your data on server and fetch when user needed.
High Score is not much valuable so It's better to save in Shared Preferences.
If the high scores are kept locally, then I would posit that it's probably not worth making the file tamper-proof. If they want to inflate their private score instead of actually earning it, then let them. Your time is better spent developing an awesome app.
All that being said, another way to approach the problem would be not to make the file tamper-proof, but to detect when it had been tampered with. You could do this by doing sneaky things like tracking a checksum- if the checksum doesn't match the highscore file, you know it has been tampered with and add 'cheater' easter eggs into your game.
I want to write an android calculator app like the one on my android phone. It saves history for operations and by clicking a button it shows last operations. Now my question is what is the best way to save operations? Is it reasonable to save them to a file in internal storage or what?
There's some options..
1) Include a SQLite Database, as others mentioned. This makes storing lots of information really easy. You can find tutorials on how to include one properly in your project, and don't hvae to care for much more. You can then work with content providers to read and store data.
http://developer.android.com/guide/topics/providers/content-providers.html
2) SharedPreferences. If you just intend to store like the last, or the last 3 Operations, you can just use shared Preferences. This is way less overhead than adding a Database, if it is a small project, albeit you will have to keep your data structured yourself.
http://developer.android.com/reference/android/content/SharedPreferences.html
3) If you just want to store the users current session you can just Keep a Stack of the used operations. On undo, or however you call it, you would just pop the stack.
By implementing onSaveInstanceState and Parcelable you can make sure that no data is lost on rotation / low memory and such.
I personally would advise you without knowing more about your project to use plain java objects and storing the state. A calculater would in most cases not need persistent storage. If you really want to know what the user did 2 weeks ago, you should use a Database.
I would recommend you to use database(SQLite) for storing the data.
If you don't know more about SQLite in android have a look at these
tutorials.
I think database should be handy for history if more than one operations has to be stored else for one operation you can use shared preference.
My app needs to store data on the phone, but I'm not sure what's the more efficient method. I don't need to search through the data or anything like that. I just need to be able to save the app's current state when it closes and restore when it's back up. There is between 1mb and 10mb worth of data that will need saving.
There are basically a bunch of custom classes with data in them, and right now I have them as Serializable, and just save each class to a file. Is there any reason for me to change that to store it in SQLite?
If you where to use sqlite you could save as you go, and know that whats in the DB is pretty much uptodate if the app/activity holding the data is suddenly killed by the os. Other that that I cant see and obvious reason to use sqlite for your use-case.
Also for the sql approach you have a clear cut way to change the structure of your domain objects at a later time and to migrate the data from a old to a new version of your database. This can be done using serialized objects as-well, but then the objects needs to be duplicated, both new and old at the same time. And that to me sounds very very scary and messy, especially considering that you might need to go from version x to y, so you might end up with some pretty tricky problems if you ever need to update the domain objects.
And I can honestly not see any benefits of using the flat-file/serialized approach.
You mention in your question that the data is only meant to save the state of the app, therefore my initial response would be to keep it on the devices especially since you mention that the file size would not be much more than 10MB, which is quite reasonable.
So my answer to you would be to keep it as is on the device. If your usage of the information changes in the future, you should then reconsider this approach, but for now it's totally logical.
If you're only saving serialized classes, you could use an ORM mapper as discussed in this thread . This saves you the inconvenience of writing your own mapper and is easily extendable to new classes. Also, if your requirements change, you COULD lookup data.
The only reasons for changing your system to SQLite would be more comfort and maybe a more foolproof system. E.g. now you have to check if the file exists, parse the contents etc. and if you'd use SQLite, you don't have to verify the integrity of the data and Android also helps you a little. And you could use the data for other causes, like displaying them in a ListView.
I'm currently developing an Android game which saves data into a SQLite database. This is not really "sensitive" data, but I don't want users to be able to modify it (for obvious reasons of game balance, as it would be cheating). And it's quite easy to access and modify a SQLite db when your phone is rooted (there are plenty of applications for that in the market).
So should I even worry about that, or consider users with a rooted phone can do whatever they want including cheating and that's their choice? Or could I somehow encrypt the data I don't want them to modify, or add a MD5 checksum or something similar?
Another approach would be to abandon SQLite altogether and use some kind of binary files with game data.
Please let me know if some of you already encountered similar issues, and what are the approaches you followed, as well as the "good practices" in the Android gaming development community.
Thanks.
Root access for everybody and security are mutually exclusive.
Any application or user with root permissions can read and modify each and every file on your system, as well as all of the main memory. That doesn't leave many places to store a potential encryption key for the database.
You could hide parts of the key in the executables, configuration files etc, but everything you could come up with would be nothing more than obfuscation and security by obscurity.
If a user opts to grant root access to everybody, that's their decision, and it's not your job as an app developer to prevent any harm that might be caused.
Update:
Storing API keys in Android, is obfustication enough? is a pretty similar issue - it's about protecting API keys, but it's the same situation with regards to your options.
sqlcipher for Android might help here.
https://guardianproject.info/code/sqlcipher/
I think based on your requirement the best method is using consistency of data,
for example MD5 the score and time, then put score and time and MD5 in to the table, then every time wanting to use that row of DB check the MD5 of the score and time if the one in DB and the one which calculated are same, the row is consistent otherwise it was hacked!
You may find your happiness on Preferences Files Look here
I'm currently facing a problem where I should store my object structure on the android device.
The usecase: I'm starting a call to an applicationserver (with the great help of AsyncTask), get a well known response (xml-response) from the server, parse the data and transform it finally into my object structure (highly complex class diagram with many associations between the classes). So far it's working, thanks to the great XMLPullParser ;)
I'm wondering where to store (and of course share) the fetched data between my activities... I already know that I can use sqlite, but I do not have an or-mapper (like hibernate in the j2ee environment). I'm also not allowed to store this sensitive data on the device (in sqlite or file system), so my first approach was to store this data in a singleton (which is of cource being held in memory...). But what happens when system is getting on low memory, can android "destroy" the data stored in my singleton? I already read about extending the android.app.Application class... So what is the best way to securely store object data (called from "webservice") on android devices?
BTW: Android development is that cool! We are currently porting a Windows Mobile 6.5 App to Android and iPhone, and my colleague (reponsible for iPhone-dev) is complaining all the time^^
Regarding an OR mapper, I came across OrmLite the other day. It is a general ORM tool for Java, but it also has some special adaptations that makes it work for Android. I haven't had time to test it myself yet, but it looks promising :)
As for storing sensitive data on the phone, you really don't have the option of storing it only in memory (using some kind of singleton as you suggested). As soon as your application goes to the background, it can be killed instantaneously, so you have to persist what data you want to keep in some way. That being said, if you save data to Internal Storage, this will not be available for any other app on the phone (given that the phone is not rooted, because if is rooted this is easy to get around). I do believe that this same goes for data you store using SQLite, but I'm not 100% certain, so I won't guarantee it.
But basically, if you are sure that your app will only run on non-rooted devices, you should be pretty safe saving your data to Internal Storage. And if that isn't good enough, there there is the javax.crypto package, but I've never used that so I can't really say anything about it.