I have created an android application where user need to login to store some info like their score, level and so on which are not needed to make secured or open for all.
Now don't want to prompt user to login or sign up, My question is how my application can automatically grab users identical info like his gmail address for his android account ?
After getting the email i can send the email associating with the application result.
Thanks.
You can store information on SharedPreferences
First register and play...blah blah, done gaming, write result to SharedPreferences
Next time loading, check/read SharedPreferences whether such info/data exists then process ... blah blah
Look up info on SharedPreferences: http://developer.android.com/reference/android/content/SharedPreferences.html
There is a very good example of this in the Google IO videos, unfortunately I cannot remember which one it is.
Basically you create a UUID and store it in the shared preferences so that if it is uninstalled then it respects privacy.
That UUID is then used to key all information, if the user wishes to sign up proplery then this key is used and can later be associated with a google ID making the process completely seamless other than a single sign in.
I think it's in the 2010 videos, but I cannot remember the speaker's name.
There is a link that covers some of the basics here:
How can I get the UUID of my Android phone in an application?
Related
This is my first major android application, so sorry if this was asked before, but cant seem to find something relevant to help me.
I am developing an android app, where i have managed to add the google sign in method, using the google's guide. My problem now is how to enable my app, to read the users loggin information after they terminate it and relaunch it. Based on some posts here and other guides (which i cant recall now) what i did was storing a boolean variable in SharedPreferences where it states whether the user is logged in or not. boolean isLoggedIn = sharedPreferences.getBoolean(GoogleLogged, false);
I am loading the SharedPreferences file on the splash screen and make the choice of displaying the login layout or not. other than that I dont save anything else from the login process. I guess that I need to store a token, taken from the google servers, but cant find any relevant solutions.
You want to use the social login using Twitter,Fb and Google.While logging through all of these you will get different user ids as the user id for the same user for google,Fb and twitter will be different ,if you want create a user id for your users and want to use that for further communications.Get the user details from these apis like name,email and respective user id and the method of login which social medium they used for login and respective to that create a web service which will provide the user id for your usercase and store that userid in shared preferences.So in the splash screen you can check that user has logged in or not.
I'm creating an android app which requires a login process. My issue is with implementing a "remember me" function in the app. There are several questions surrounding this issue already on the internet, but I was wondering if there is an easier way than creating public keys for the app or using OAuth (disclaimer: novice developer).
I read the existing questions like How do I implement a 'Remember me' function in an Android Activity? and Security: How should I store ("Remember") a user's username and password for future use? but they suggest two methods of password storage: plaintext in SharedPreferences, or hashed in SharedPreferences. However, the answers go on to say that these can be compromised if someone has access to the phone.
As a preliminary question, I would ask whether it is necessary to maintain security once someone has root access to the device/the hashed password, considering that cracking the password may give the intruder access to other accounts the user has made. If so, would it be beneficial to implement a system which performs this function but without ever storing the user's password (plaintext or hashed) on the phone.
I was thinking of a method which works using three steps:
When a user successfully logs in AND has checked the "remember me" checkbox, store their username in a SharedPreferences file.
Store a boolean value in the database indicating whether the user has checked the "remember me" box.
When the app starts in future, it automatically checks the SharedPreferences file for a username. If a username is found, and the database value for that username is true, the user is logged into the app under that user name.
This way, the user's password is never stored on the app (either in cleartext or in hashed form). Would this be a secure way of implementing the "remember me" function, or should I use another method?
Apologies if this question is not specific enough/too open-ended.
As you do not store password in phone I think it's a secured way of implementing a "Remember Me" function. But, In your 3rd step you haven't mentioned how you will get the username to compare with the SharedPreferences. If users have to provide the username again it won't be a good method.
I have android connected to a MySQL database, the user would login via email and password which is hashed. Each user has a unique ID number. When they successfully login I can transfer their Unique ID to a Shared Preference in private mode to keep track of users. Would something like this work or does it sound to risky? From what I know is that SharedPreferences is the only method that can remember users so they can close and open your app and won't have to login again.
SharedPreferences is the way to go. It is private, belongs to the context of your application and users can't access it.
Although Shared Preferences is private, remember that rooted users can see any apps' Shared Prefs. Just make sure you don't ever save the password, hashed or not, locally because the hash can always be reversed. It's fine to keep user info, like id and username locally because a bad actor can't really do anything with that. Keeping an access token is the right way to go. If you look at any Shared Prefs of an app with facebook integration you'll see that facebook keeps its token in clear text.
I have inherited an app which comes as a free version, and Pro monthly subscription is bought via in-app items. The Pro status (a simple string "pro_status") is saved inside the AccountManager (package android.accounts).
//AccountManager initiated
AccountManager mAccountManager = AccountManager.get(this);
//fetch accounts which correspond to our package name
Account[] accounts = mAccountManager.getAccountsByType(getString(R.string.account_type));
//save Pro status inside the AccountManager
mAccountManager.setUserData(mAccount, "is_pro", "" + info.isPro());
The app suffers from a strange bug that it forgets the Pro state randomly, either when you close the app or during the work.
Is this a good way to store Pro status? Could AccountManager be the reason why the app loses the idea of a Pro status?
I usually use either a database or SharedPreferences to store such data (besides storing it on the remote API), so I need a help from someone who used his app in the same way.
Usually the people playing with the setting "pro" status will be the one with rooted devices. Anyways the data stored in the account manager is visible to such users.
So, for such a use case, even account manager is not safe. Though other apps (with different UID) cannot access this data.
Also keep in mind that the user can delete the account from the settings which might be the reason for your settings going away.
My advice would be save this info in shared pref in encrypted form??
In all phones,there is a specific User Database which stores information regarding your accounts.
Is this a good way to store Pro status?
I cannot answer that however I can give you answer to related questions
Is it modifiable?
There are 2 ways of accessing this data, viz
The user explicitly gives permission to an application to read
account details for that particular account. This list of apps
which can access the details for this account are stored based on
PIDs,which cannot be same for different apps. check setUserData
and AUTHENTICATE_ACCOUNTS permission
This database can be accessed(and modified ) on a rooted device.
Can a user manually delete this data?
-Yes,He can delete the account from the device itself.It is his device and he can modify any account details on it too.
In my experiece,the Acccount Manager API is very temperamental, and prone to change which can break your code if it is not used in the way that it was intended to be i.e. store User Account details in centralised database.
You should look into the approach and comments(but not the answer) of this question
.
I agree with the shared preferences approach too.
I am a web developer and new to android and studying ... For first step I made an user login system using PHP-MySQL web services.
The application communicating with the web service pretty well and check for user exists. Now if the user exists it will return the user details if user exists.
My question is like in web application is there any session / cookie handling in android application ? For eg if I can save the session then not need to login at each and every time.
I am sure there is a way to do this because lots of apps are working with this feature. But since I am new to android please advice a bit.
Not knowing a correct word to googling. Is that "SavePreferences".
Thanks in advance
I think what you are looking for is SharedPreferences. This stores data persistently in a (key, value) pair so you could say have a check box at the login screen so if they check it then it stores a boolean as the value and their username as the key. Then when they get to the login screen and choose their username it checks that value and if it is true then it doesn't require a password. This is assuming that you allow more than one user to login from the app.
However, if you only have one person logging in from the app to that device, then you could send back a value from the web server when they open the app that they can skip the login screen.
Besides the links to the docs I provided above, Here is a good example in the docs to get you started
If you are in need of something more robust than what SharedPreferences provides, then look at the Storage Options section of the docs. Hope this helps
Retrieve prefs
SharedPreferences prefs = this.getSharedPreferences("john smith", 0);
saved= (prefs.getString("loginSaved", false));
if (saved)
// do stuff here
else
// require login
SharedPreferences is what you're looking for!
Check out this code to learn more about how to use it:
http://kettiandroidproject.googlecode.com/svn/trunk/Private/Earthquake/src/com/company/earthquake/Preferences.java