3

I have a dilemma, i need save some security data on my Android device, this data is login information to personal cabinet, so can you please, give me an advice where is better to save this info into simple txt file(but what about security?) or maybe is there analog of MySQL DB in Android platform(and how i can access it)?

vladimir
  • 695
  • 3
  • 15
  • 34
  • http://stackoverflow.com/questions/785973/what-is-the-most-appropriate-way-to-store-user-settings-in-android-application – Anukool Mar 04 '13 at 11:55
  • This answer goes in your direction: http://stackoverflow.com/questions/785973/what-is-the-most-appropriate-way-to-store-user-settings-in-android-application/786588#786588 – r0- Mar 04 '13 at 11:55
  • 1
    Use encryption. And don't hard code the key in code, instead, derive it from characteristics of that particular device. – S.D. Mar 04 '13 at 11:56

4 Answers4

2

The best way to store personal data in Android application is using shared preferences with mode private, so that nobody can access that data other than your application. for more details see Android developers tips about shared preferences here.

Shridutt Kothari
  • 7,326
  • 3
  • 41
  • 61
1

AFAIK you cannot run MySQL on a android device but you can use SQLite (tutorial). You could even try using SQLCipher to store it in a encrypted database. Although I'm told it's not too hard to extract the access key from your APK.

When you store you password, make sure you encrypt it (even if you are encrypting the database). Storing passwords as plain text is rarely a good idea ;)

Whatever you do, do NOT store it in a text file!

ingh.am
  • 25,981
  • 43
  • 130
  • 177
1

You can save the simple txt file into your application directory. In General, Android assigns each application a unique uid. Each application has its own application directory with mode 660. So other application cannot access its content. To write your own application directory, you can use the following code: 

String filename = "myfile";
String string = "Your security content";
FileOutputStream outputStream;

try {
  outputStream = openFileOutput(filename, Context.MODE_PRIVATE);
  string = encrypt(string);
  outputStream.write(string.getBytes());
  outputStream.close();
} catch (Exception e) {
  e.printStackTrace();
}

However, if the target device is a rooted device, other application can access your file. So a better approach is to encrypt your data, and save it into the application directory.

For a database approach, it has the same problem, you can define your own content provider without exporting it out, but it is still vulnerable on a rooted device. So whatever you choose, writing txt file or storing it on DB, encrypt it first is necessary.

StarPinkER
  • 14,081
  • 7
  • 55
  • 81
0

You could store the details in the SQLdb on android but save all the form details using encryption and just persist the strings.

You can see in the answer below an example of someone doing this exact same technique and using the phoneId for the encryption (although I'm not sure how safe that really is).

Is it safe to store username + passwords in a local SQLite db in Android?

Community
  • 1
  • 1
David
  • 19,577
  • 28
  • 108
  • 128
  • 2
    Using the phone id is unsafe, since anyone who could get access to the on-device database can also obtain the phone id. – Shade Mar 04 '13 at 11:57
  • Yeah that's what I thought, I'm not sure why in the answer they recommended that. – David Mar 04 '13 at 12:00