I am developing an app which sends email. I use this to send message, but it requires username and password of my gmail account. So, I need to store them in app. How to protect them from malefactors?
Asked
Active
Viewed 121 times
0
-
Use Shared Preferences. :) Data stored will be within application. – Atul O Holic Mar 08 '14 at 06:59
-
2@AtulOHolic but I think even `SharedPreference`s are not secure... – Gopal Gopi Mar 08 '14 at 07:01
-
That is not realy secure – nano_nano Mar 08 '14 at 07:02
-
You can open the shared preferences file just like any other text file on a rooted phone. So saving sensitive information in `SharedPreferences` is not encouraged. – Basant Singh Mar 08 '14 at 07:10
-
How about storing in preferences in encrypted format. like cipher encryption. and when you need it in your application decrypt it. – NaserShaikh Mar 08 '14 at 08:05
-
Could you show me an example how to do that? – Nolesh Mar 08 '14 at 08:24
4 Answers
4
Don't store passwords use tokens like a session cookie on http. Sessions can been revoked server side by user actions without harming other sessions.
A password can been read out (even if it is encrypted you need to send it unencrypted to the server hopefully via TLS) and if the user uses that password on multiple sites the user will get a problem.
rekire
- 47,260
- 30
- 167
- 264
1
I don't see the adequate answer, so I decided to get rid of storing password within my app. I just send request with necessary parameters to my server. The server gets these parameters, creates email and sends it to the recipient by using PHPMailer library. I used the code from this to send request to server. I hope it helps someone else.
0
This is just a suggestion but a little helpful. As other says SharedPreferences is fully secured but if we save data in SharedPreferences as encrypted format then it should applicable.
here is a examples and also MessageDigest will help you a little here.
Note: This question is directly proportional to security things, so I never recommend any of my answers. But it can be helpful.
-1
You can use SharedPreferences for this but beware saving passwords is usually frowned upon even if highly encrypted.
Even in a PC app saving a password always warns you that the password is saved locally and is not secure from attacks.
Andres S
- 471
- 1
- 5
- 19
-
1This is the second answer in the past 10 minutes that suggested using shared preferences to store passwords. Awful. – Pedantic Mar 08 '14 at 07:04
-
I agree that this is awful, which is why I mentioned that it is usually not the best idea to use it. Maybe I just worded my answer wrong. – Andres S Mar 08 '14 at 07:06