I am creating an application which requires login and enables user to configure some settings.
However I would like to enable user to store preferred settings, username and password.
Does anyone know how to store and retrieve values from registry?
Another possibility is using SQL Lite database but if possible I would prefer to store values to registry.
Thanks!
"Preferences is a lightweight mechanism to store and retrieve key-value pairs of primitive data types"
http://developer.android.com/guide/topics/data/data-storage.html
Related
I am building an app which generates a random password and you can keep it along with your other details such as username, website url, name etc.
Basically a password management thing.
Things to be stored:
When I am clicking on the save button, I wanted it to be saved somewhere locally. So that, I could retrieve them and display it in another activity.
Can I share those things in SharedPreferences for all those password entries securely? [By password entry, I meant the entire class ]
I have referred to something like ComplexPreferences [ http://blog.nkdroidsolutions.com/class-object-in-sharedpreferences/ ]
I've tried them because I had created a class containing all these data [title, url, username, password, notes]. But I cannot retrieve them properly using a recyclerview. I'm ending up with some error.
If it cannot be done with SharedPreferences, how can I do it with SQLite Database?
But how can I save them securely? I don't know much about security in Android.
Please guide.
The shared preferences and sqlite db both are secure for an extend only.
It can be easily accessanle and can be modified even there are several apps available to edit the shared preferences and sqlite db in playstore . **
So i prefer not to store it locally
.you can use some kind of **algorithms and mechanisms to encrypt and decrypt the data that you are going to store locally.
if the device is rooted then its a SERIOUS ISSUE
Let's say, that you have a generated password along with other details like user name. Storing this kind of data is a perfect fit for SQLite. But, storing in plain text is not safe. Either the whole database or individual records should be encrypted. The former can be done using one of the open source database encryption libraries. For the later you have a couple of options:
Ask the user for a password each time he opens the app. Generate the actual encryption key using password-based encryption and the same salt value.
You can use the Android Keystore Provider to generate an encryption key and save it for you in a safe location on the device. Later, you retrieve the entry from the keystore and use it to encrypt/decrypt your database records using javax.crypto.Cipher.
Both options ensure that the encryption key is not be present in the app.
I still don't understand, why you need to save it locally? If only your application will be able to unlock data. In this case, only your application will have keys to working with this files.
For this example, you can easily work with SharedPreference with Private Mode. Furthermore, it's enough for most tasks. We using this option to save User's token, and it's Ok, for system. (If we talk about safety of this way, so you will have some risk for custom ROM, for Users, which manually flashed on device.)
If you need more complicated things, you can use sample, for using Android Keystore, with generating Key Pair, and saving data. For example you can check this source.
UPDATE!
So question was updated a lot, from first version. I will update information what you a looking for. Saving huge encrypted information locally.
Maybe easer way to do it, it's just use local encryption of data, as I described above, using Android KeyStore, KeyChain (links above). You will create our own KeyPair and will use for encryption and descryption some data. But this data, you will save in your DB in encrypted view.
Another more complex solution, will be creation of mechansim for encyption/decryption DB. As you described, you will save all information in DB, and after, just encrypt/decrypt you DB files. Fortunatly, we already have such library SQLCipher, just take a look. Fore example, this is pretty simple tutorial
I wanna save a user's score that is retrieved from a server, locally, in order to reduce number of calls to the server.
However if I use SharedPreferences, it could be easily edited by the user. If I use a local database, it could also be changed if user has root access.
So is there any way to safely store data? Should I encode it?
Note that I can't check if local score equals server score, because it may be modified by the app.
A better way to enforce security while saving data in either to save it on your server and enforce security there. But, if you want it to be saved on local; then encrypt them and save them.
For sqlite encryption; https://guardianproject.info/code/sqlcipher/
is great. (link to project)
For saving files or blob data https://github.com/facebook/conceal may
help.
For saving simple key-value pairs in sharedprefs -
https://github.com/scottyab/AESCrypt-Android is useful
It is not good to save sensitive data such as user's personal information and/or passwords in shared preferences or raw sqlite database without encryption.
I am trying to create an android activity "Save_Password" which stores the password in a database "PasswordDB".There is another activity named "Enter_Password" in which I want to allow the user to only enter the password which is already stored in SQLite database.
When I run this for the first time "Save_Password" should open. When I again open it "Enter_Password" should open.
Is there some query which I can execute to check if table exist or not.
Or should I use Shared preferences?
You don't need a database for just storing a "password". You can use SharedPreferences for that purpose.
Its very simple to use and a much light-weight operation that database. Doesn't slow down your app even by a bit.
If you are storing passwords locally in SharedPreferences, then they can be easily read, so its better to encrypt them and store and later decrypt them.
You can do this in a very simple way by using this small library, SecurePreferences
It will handle all the encryption and decryption automatically for you.
You just need to save password right? Then use SharedPreferences.
But saving password locally is not a good design choice.At least encrypt the data before you store, and decrypt it whenever you want to read it.
I'm writing a web service client and have the three obvious settings: url, username and password. For this the key value pairs in SharedPreferences would be enough. But I hit a roadblock when I wanted to subscribe to more than one server instance. What I need is the three settings stored once for each server instance added by the user. Whats the best approach here? Create a custom settings activity and save it to a file?
You can store a Set<String> in the SharedPreferences. You can use this to store the keys to the other properties.
One way of doing this is to store a set with keys that define each of your servers (for example, "foo.com" and "bar.com"). Then for each server store the properties you need using a known suffix. Lets say you need to the store the username and password for each one, then you would put "foo.com-username" and "foo.com-password" as the keys for the username and password for the "foo.com" server, same with "bar.com".
I know this topic has been discussed before on Stack Overflow. But there are still some things that are not clear when I read previous posts about it. So here they are:
I know that we use shared preference for small datasets and sqlite for large data manipulation, so if we just want to save a username and password should we use shared preferences?
Won't shared preferences be lost when user uninstalls the app? For example I download an app called abc and save my username and password. Then I uninstall this app from one phone and try to access it from other phone using the same username and password. Will this be saved using shared preferences or the data be lost?
What are the main reason we use one over the other beside large and small datasets?
You can think of the difference between shared preferences and an SQLite database in terms of data size but that isn't entirely accurate. A better way to think of it is in terms of the structure of the data you want to store.
Shared preferences can only store key-value pairings whilst an SQLite database is much more flexible. So shared preferences are particularly useful for storing user preferences, e.g. should the app display notifications etc. Whilst an SQLite database is useful for just about anything.
Both data sources are local but something you should be aware of is the ability to backup your application data to cloud storage that is linked to the user's Google account. This makes it much easier for your users to change devices and for their applications to easily transfer to the new device. For more info take a look here.
In the situation you described about you will lose the user name and password in both situations. The data is stored on the phone, when you uninstall the application, the data that some with it will also be lost. The user will have to re-enter this information.
You can save the user name and pass in either the shared Preferences or a DB, that is personal preference. Just make sure you lock either down, i.e. don't share the DB or Shared Preferences that you keep this information in.
As for the difference... shared Preferences should hold well... shared Preferences... here is an example:
If I create an option to change the background color, I will store all available options in a DB that can be loaded into a adapter view for the user to choose from. But I will store the color that they have selected in the Shared Preferences. This way when the application load I can get the Shared Preference value of the background color that should be used.
SharedPreferences is used for just that, storing user preferences shared application-wide. You can use it, for example, to store a user's username, or perhaps some options he or she has configured in your app in which you want to remember.
SQLite is a relational database. It's used to store your application's data, not preferences or configuration information.
Both are stored locally on the device.
1.SharedPreferences stores only Boolean, int, float, long, String five kinds of simple data types, such as can not be conditional query. So, whether SharedPreferences data storage operation is how simple it can only be a supplement of storage, but can not completely replace other data such as the SQLite database is stored.
2.SharedPreferences based on the XML file to store key-value key used to store configuration information(mainly user preference for your application).
3.Sharedprefrece just like cookies in web which store some basic information at client side.
both store their data locally, so uninstalling the app will delete both. other than that, SharedPreferences is easier to program, and you're right about the data amounts.
In general, shared preferences should be used if you want to allow your user to directly manipulate certain data fields. Shared preferences are basically user preferences; if you would like the user to reconfigure the app to behave in different ways, you should expose that functionality as a shared preference. On the other hand, the SQLite database should be used if you want to limit the visibility of the data to just the application, if you want a stronger guarantee that the data be persistent, and if you want the application to behave independently of what is stored in the database. Of course, you can use both in one application.
Shared preferences and the database are part of local data that the application stores. If you uninstall the application, both of the data stores will be removed.