-5

As I understand it, it's possible to retrieve data stored in SharedPreferences. Therefore it isn't safe. Could anybody advice me on a way to completely secure the data? I know it's possible to encrypt and store the data, but I'm wondering, is there any other way?

srj
  • 90
  • 7

3 Answers3

3

Data stored in SharedPreferences, if created with Context.MODE_PRIVATE, is only accessible to your own application.

Though, if the users phone is rooted, then the data can be read by root applications (even if created with Context.MODE_PRIVATE).

There is no way to avoid that, ever. But you can take precautions such as encrypting the data in SharedPreferences.
A good example of this is the SecurePreferences library: https://github.com/scottyab/secure-preferences

Moonbloom
  • 7,738
  • 3
  • 26
  • 38
  • thanks man.. i believe what u have suggested is end of road i.e. encrypt and store data. – srj Oct 29 '15 at 13:10
0

Shared Preferences are stored as a file in the filesystem on the device. They are, by default, stored within the app's data directory with filesystem premissions set that only allow the UID that the specific application runs with to access them.

So, they are private in so much as Linux file permissions restrict access to them, the same as on any Linux/Unix system.

Anyone with root level access to the device will be able to see them, as root has access to everything on the filesystem.

If you're concerned about such access to your preferences (or any data written by your application), then you will want to encrypt it. You can google it out.

Prateek Mishra
  • 1,226
  • 10
  • 21
0

Try this https://prashantsolanki3.github.io/Secure-Pref-Manager/ to easy work with shared preferences, it also encrypts the key and value before saving it in the preferences.

Sample code to save a value:

SecurePrefManager.with(this)
            .set("user_name")
            .value("LoremIpsum")
            .go();
Prashant Solanki
  • 660
  • 5
  • 10