I am using SharedPreferences to store my keys and my crypted messages.If i store them crypted in it and then decrypt in my app it takes some time, but i am confused about if it will secure to store them decrpyted in SharedPreferences.
Can anybody reach my SharedPreferences MODE_PRIVATE with special app or something like that ?
On a rooted phone, yes, it can access the shared preferences for your app. Also, on any phone the user can delete all the data that it's stored in shared preferences by clearing the cache in the application manager.
A safe way to store data would be to encrypted it with AES and save it in a text file in the root folder of your app.
Related
I know that SharedPreferences is an efficient way to store data but is the database used by android to store SharedPreferences read only even if you have root access?
Thanks in advance!
There is nothing you can do if a user has SUDO permission on the device. If a device is rooted, they can dig into your SharedPreferences all they want.
If you are storing passwords or other sensitive data in your app's local data, consider doing some sort of obfuscation like SHA or MD5 hashing before adding to prefs.
As I understand it, it's possible to retrieve data stored in SharedPreferences. Therefore it isn't safe. Could anybody advice me on a way to completely secure the data? I know it's possible to encrypt and store the data, but I'm wondering, is there any other way?
Data stored in SharedPreferences, if created with Context.MODE_PRIVATE, is only accessible to your own application.
Though, if the users phone is rooted, then the data can be read by root applications (even if created with Context.MODE_PRIVATE).
There is no way to avoid that, ever. But you can take precautions such as encrypting the data in SharedPreferences.
A good example of this is the SecurePreferences library: https://github.com/scottyab/secure-preferences
Shared Preferences are stored as a file in the filesystem on the device. They are, by default, stored within the app's data directory with filesystem premissions set that only allow the UID that the specific application runs with to access them.
So, they are private in so much as Linux file permissions restrict access to them, the same as on any Linux/Unix system.
Anyone with root level access to the device will be able to see them, as root has access to everything on the filesystem.
If you're concerned about such access to your preferences (or any data written by your application), then you will want to encrypt it. You can google it out.
Try this https://prashantsolanki3.github.io/Secure-Pref-Manager/ to easy work with shared preferences, it also encrypts the key and value before saving it in the preferences.
Sample code to save a value:
SecurePrefManager.with(this)
.set("user_name")
.value("LoremIpsum")
.go();
I'm going to use the SharedPreferences Keys to store my app informations so when I open the app again after onDestroy the information will still the same.
I'm just wondering is it safe to use SharePreferences ? I mean is there a way to hack or get the KEYS from the SharePreferences ?
and does all Android Platforms have the SharePreferences ?
thanks .
sharedPreferences arent safe..
sharedPreferences should just store config/setting-data not encrypted..
if u want to store critical data - you have to write it encrypted in a dataBase/sharedPrefs
btw .. http://android-developers.blogspot.de/2013/02/using-cryptography-to-store-credentials.html
You shouldn't store any unencrypted valuable information(passwords, private user information etc.) in SharedPreferences. SharedPreferences are just plain XML files in app directory on internal storage.
If you need to store smth private - you definitely need to encrypt it first.
How can I protect username and password saved in preferences?
Some sample code would be nice.
If you store passwords in plain text in an SQLite database or shared preferences, someone with root access might see them. Encrypting credentials prior to saving them locally would be safer, but still not perfect if someone reverse-engineers your app and gets the encryption key.
Have a look at the AccountManager. Also, this post might help you.
If you find that too complicated for your purpose, at least encrypt passwords before storing them into SharedPreferences! You can find more information, explanation and code here, too.
SharedPreferences sharedPreferences = MyApplication.getContext()
.getSharedPreferences(ApplicationConstants.SHARED_PREF_NAME,
Activity.MODE_PRIVATE);
Shared prefernces are stored under Android/data/data/yourApp on the internal file system of android and it's not accessible to other apps, so you can privately save data on shared preference
ACtually shared prefrence data store in your application memory and no other app can access that so beware of this
I basically want to be able to have multiple SharedPreferences files for my app. The names of these will be based off of a string entered by the user. Then when the user wants to restore, I want to create a popup that will allow them to pick from all available SharedPreferences files. Is there a way to see what SharedPreferences files are in the directory? Or is there a better way to store this?
TIA
You could save a csv list of SharedPreferences as a SharedPreference...
But I think if you are going to have multiple configurations, better approaches would be either a small SqliteDatabase or ".ini" files in the internal storage.
If you insisted on using SharedPreferences as the storage mechanism, what you could do is use the default shared preferences (get it with SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);) to store a list of the preference files created (using something like the putStringSet method at http://developer.android.com/reference/android/content/SharedPreferences.Editor.html#putStringSet%28java.lang.String,%20java.util.Set%3Cjava.lang.String%3E%29). You can then retrieve them later and generate the popup list.