I'm trying to figure out a good way to store logged-in user data.

I'm thinking of saving the user-id into the SharedPreference "MODE_PRIVATE".

My question is: if a user creates an account with the id of 1, is it possible to tamper with the APK and change the value to be 2? This way, when he re-opens the application, he can be falsely logged in as user 2?

If yes, I would love to get an explanation and ideas for better solutions to counter that.

TareK Khoury
  • http://stackoverflow.com/a/9244620/3830694 and http://resources.infosecinstitute.com/android-hacking-security-part-12-securing-shared-preferences-third-party-libraries/ – Krupal Shah Nov 04 '15 at 15:51
  • Thanks, this answers my "is it secure" part. I guess it is not. Anyone with a rooted phone can read and change the value. Any better solutions? – TareK Khoury Nov 04 '15 at 16:02
  • A better solution would be that you save encrypted data. – Krupal Shah Nov 04 '15 at 16:03
  • There will always be options to make evil; encrypt your sensitive data (and there will still be options...) – Nanoc Nov 04 '15 at 16:06

0 Answers