2

I'm trying to build a secure "remember me" system that allows the user to enter the app without inserting credentials each time.

I found this: Add a "Remember me" checkbox, in which sharedPreference was used, which seems to me not the best solution because every rooted phone can easily modify those params.

What's the best practice to follow?


2 Answers

2

Well, the idea behind remember me is that you trade in their user name and password for some sort of auth token from your backend, and save that in shared prefs or SQLite. You SHOULD NOT be saving their username and password anywhere. You should be saving a token of some sort for them. If they don't have a token stored, keep them at login, and if they do, then take them to the main page and send that token to a backend to be validated, and log them out if it is not.

Tomer Shemesh
  • OK, get it, thanks. But how can I implement it? Are there any guidelines or tuts I can follow? – user3751914 Apr 21 '15 at 17:22
  • @user3751914 I couldn't find any specific tutorials for this. Do you already have a backend set up? What are you validating your username and password with? – Tomer Shemesh Apr 21 '15 at 17:25
  • I have an online database that I use with PHP – user3751914 Apr 21 '15 at 17:30
  • So when they log in and you get a token, just save that using shared pref: http://stackoverflow.com/questions/23024831/android-shared-preferences-example Then when you open the app to the login page, if you have an auth token saved, just let them through to the next activity and check the auth token in the background – Tomer Shemesh Apr 21 '15 at 17:31
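
The token flow from the answer above, sketched for a PHP backend as an added example (not code from the answer or its author). The function names, the 30-day lifetime and the in-memory array standing in for a database table are assumptions; because the server only accepts tokens it issued, a value edited on a rooted phone fails validation and the user is sent back to login.

```php
<?php
// Added example; $tokenStore is an in-memory stand-in for a database table (assumed schema).
$tokenStore = [];   // sha256(token) => ['user_id' => int, 'expires' => unix time]
const TOKEN_TTL = 30 * 24 * 3600; // assumed 30-day lifetime

// Call after the username/password check succeeds; the app saves the returned token.
function issueToken(array &$store, int $userId, ?int $now = null): string
{
    $now = $now ?? time();
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    // Store only the hash, so a leaked table does not contain usable tokens.
    $store[hash('sha256', $token)] = ['user_id' => $userId, 'expires' => $now + TOKEN_TTL];
    return $token;
}

// Call when the app starts with a saved token; null means "send the user to login".
function validateToken(array &$store, string $token, ?int $now = null): ?int
{
    $now = $now ?? time();
    $hash = hash('sha256', $token);
    if (!isset($store[$hash])) {
        return null; // never issued, already revoked, or modified on the device
    }
    if ($store[$hash]['expires'] < $now) {
        unset($store[$hash]); // expired: forget it server-side
        return null;
    }
    return $store[$hash]['user_id'];
}

// Call on logout so the saved token stops working even if it is copied off the phone.
function revokeToken(array &$store, string $token): void
{
    unset($store[hash('sha256', $token)]);
}

// Constructed walk-through: user id 42 is a sample value.
$token = issueToken($tokenStore, 42);
var_dump(validateToken($tokenStore, $token));       // token as issued
var_dump(validateToken($tokenStore, $token . 'x')); // token altered on the device
revokeToken($tokenStore, $token);
var_dump(validateToken($tokenStore, $token));       // token after logout
```

The app sends the token over HTTPS on each launch and clears its saved copy whenever the backend answers that the token is not valid.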
0

You can save credentials in SQLite. Encode and decode them. You can implement your own decoder if you want and save the credentials in SharedPreference.

Sirelon
  • You should never save credentials in plain text in an app. You should always be trading them for some sort of token and save that. – Tomer Shemesh Apr 21 '15 at 17:05