Is there a way to securely store user data on an Android device?

I'm writing an application wherein users will sometimes make orders through it. I want to give users the option to save their billing info (name, address, etc.) so that it can be quickly restored later if they want to make another order. The user will enter a password to secure the data.

Obviously I can't just put this as a file on the device, as anyone can root/find the data. Is there a built-in Android method for storing secure data that is locked with a password? If not, what is a good place to start for storing this data securely using Java?

Edit: To clarify, when I say that the user will enter a password, I don't mean that I've come up with a way to secure the data yet. I'm just trying to convey the method with which the user will secure the data on their end; now I'm trying to figure out how to keep my end of the bargain. :)

Dan Lew asked Apr 09 '10 13:04


2 Answers

You could use the included javax.crypto classes to encrypt any sensitive information.

You can view the source code of the Secrets for Android application for some examples.

Secrets for Android is an application to securely store and manage passwords and secrets on your Android phone. It uses techniques like strong encryption and auto-logout to help ensure that your secrets remain safe (assuming you use a good master password!). Context-sensitive tips guide you along through its operation, making it easy to use.

Steve answered Nov 13 '22 07:11


> Obviously I can't just put this as a file on the device, as anyone can root/find the data.

True, but if you allow the user to define a password for the backup file, somebody who stole the file would still need to crack the encryption. They can find out the algorithm you're using, but not the password.

> Is there a built-in Android method for storing secure data that is locked with a password?

Android itself does not offer an encrypted file store. You can encrypt files yourself, which is what I assumed you were doing when you wrote that the "user will enter a password to secure the data".

CommonsWare answered Nov 13 '22 06:11