For example I need to save important data (passwords, token's, & etc.) on the device. The encrypted or not encrypted data. Will I need android.security KeyChain for secure data storage? If the user of the device will root his device, will the data Keychain invulnerable? What advise to use for data security?
This is a very broad question. Perhaps a community wiki exists already with an answer for it. Anyways, here is a collection of resources related to secure storage in Android that should be helpful:
- Android training: http://developer.android.com/training/articles/security-tips.html
- Credential storage API: http://nelenkov.blogspot.jp/2012/05/storing-application-secrets-in-androids.html and http://nelenkov.blogspot.no/2013/08/credential-storage-enhancements-android-43.html
- http://developer.android.com/samples/BasicAndroidKeyStore/index.html
- You can use the Account Manager for accounts and add features and properties to it to keep custom data:
- http://developer.android.com/training/sync-adapters/creating-authenticator.html
- http://developer.android.com/reference/android/accounts/AccountManager.html
- https://github.com/android/platform_development/tree/master/samples/SampleSyncAdapter
- http://nelenkov.blogspot.no/2012/11/sso-using-account-manager.html
- http://udinic.wordpress.com/2013/04/24/write-your-own-android-authenticator/
- https://groups.google.com/forum/#!topic/android-developers/Vubkbfqimm8
- In general you should check out Nikolay Elenkov's blog with lot's of good articles on Android and security: http://nelenkov.blogspot.no/
Menu
702
