0

This will be an additional question to my previous question: Storing password for an offline app

If I store my password in a file in external storage and it's encrypted, is the file editable?

I'm just thinking for example, I set a pass "hello" and stored it in a file. Then to login, I will call that encrypted string.

What if you open the file where your password is stored and edit that encrypted string and save it and you try to login again in your app, will the "hello" still work?

Sorry, I'm kinda new to this thing.

Community
  • 1
  • 1
Jane07
  • 31
  • 7

2 Answers2

2

Why don't you use SharedPreference for this kind of data saving. If your data is not quite big you can use SharedPreference for that. Save the data in SharedPreference so it wont be editable explicitly. And the data is only editable by your app. Documentation for SharedPreferences

The SharedPreferences class provides a general framework that allows you to save and retrieve persistent key-value pairs of primitive data types. You can use SharedPreferences to save any primitive data: booleans, floats, ints, longs, and strings. This data will persist across user sessions (even if your application is killed).

  • My concern in using SharedPreferences, Internal Storage and SQLite for storing passwords is when someone clears the data of the app from the settings > manage apps – Jane07 Feb 19 '14 at 07:27
  • 1
    There's a solution out to prevent clearing actually called manage storage. I'll see if I can link you over in a while. – Orphamiel Feb 19 '14 at 07:28
  • http://stackoverflow.com/questions/6531173/how-to-disable-the-clear-data-button-in-application-info-of-manage-appliaction - here it is the solution with the manage space is the one. – Orphamiel Feb 19 '14 at 07:30
  • You can read more [here](http://stackoverflow.com/questions/20300166/how-to-prevent-a-shared-preferance-from-being-clear-in-setting) it can be prevented but not recomended. –  Feb 19 '14 at 07:34
  • Please go through this link http://stackoverflow.com/questions/7085516/shared-preference-and-clear-history-data –  Feb 19 '14 at 07:36
  • Thank you so much for the links. I'll vote you up when my reputation became 15 :) – Jane07 Feb 19 '14 at 07:39
0

Yes, the file is editable. The only way you can make it uneditable is storing in internal storage using mode_private.

The encryption prevents people from reading what the password is and editing into a format readable by your application only.

Orphamiel
  • 874
  • 13
  • 22
  • What if your device is rooted, will the user be able to see and edit the files in internal storage? – Jane07 Feb 19 '14 at 07:20
  • Yes they'll be. You can however encrypt and store inside to prevent it from being readable from outside sources. There's no way to prevent editing in rooted phones really. They're stored in /system/data/data in case you want to try – Orphamiel Feb 19 '14 at 07:21
  • And if they edit that encrypted string for the "hello", the "hello" will not work? – Jane07 Feb 19 '14 at 07:23
  • Yes but there's no way to prevent editing in rooted phones so there isn't another solution out. – Orphamiel Feb 19 '14 at 07:24