
Android: Encrypt password [duplicate]

Possible Duplicate:
Storing a password

I am using shared preferences to store a password. Is it secure to save the password data as it is, or do I have to encrypt it before saving it? Please help me with sample code.

Thanks in Advance,

upv asked Jun 15 '11 08:06


3 Answers

Short answer: it's pretty secure.

Long answer: first off, if you are creating an application that allows a user to log into a web / remote service, you might want to look into the AccountManager. It's a bit harder to learn the APIs and integrate with it, but you get some nice benefits:

  1. Simple multiple account management (all the accounts are stored in the AccountManager).
  2. Ability to add SyncAdapters (and writing them will be pretty simplified, since the AccountManager will call your adapters with the right account -- you don't have to run the sync for each account manually).
  3. Your app will appear under Settings > Accounts & sync.

Check out the Sample Sync Adapter in the docs -- it shows how to use the AccountManager (you can ignore the sync stuff if you don't need it).

Now, on to the secureness of storing the password (what follows is valid for both storing the password in SharedPreferences and in AccountManager). As long as the device on which your application is running is not rooted, it is completely secure. No other app but yours can read the password. You can't even read the password if you connect the phone to a PC using a USB cable and use adb pull to try and get the respective file.

However, if the phone is rooted, any app that gets root access can read the password. Also, adb pull works, and you can get to the password in seconds.

Because of this, encryption is recommended (especially if your web / cloud / remote service holds sensitive data). I have used SimpleCrypto in my last project (together with AccountManager) and it works pretty well. In case you're wondering, I just used a constant for the "master password". For added security, I have obfuscated the final build (check out how).

Felix answered Oct 20 '22 05:10


No, it's never secure to store passwords in plain text; remember what happened to Sony recently?

Any Java encryption technique will do.

Reno answered Oct 20 '22 07:10


You should never save a password directly; instead, save a hash of the password.

Flo answered Oct 20 '22 05:10