-1

Good day, I am currently building the Login system for an Android App (it connects to a server and retrieves a web token) and I have multiple questions on the matter:

  • What is the preferred way for storing such token locally in Android?
  • Is there a library that allows me to encrypt it and store it safely on SharedPrefs without needing to store separately the Key and Salt for the encryption?
  • Is it safe to send the token from LoginActivity to AnotherActivity inside an Intent Extra?

Apart, an additional question would be if it is safe to send the email/password combination from LoginActivity to LoginViewModel and finally to the DataSource (EndpointInterface, etc) by passing them as parameters to methods of such classes.

Thanks in advance!

Gianfranco Gasbarri
  • 75
  • 2
  • 7

3 Answers3

1

SharedPreferences is best for storing the data locally. When you app have existence in system the data will present and you can easily access throughout the app.

SharedPreferences mPreferences = context.getSharedPreferences(PREF_NAME,PRIVATE_MODE); mSharedEditor = mPreferences.edit(); for save the token

mSharedEditor.putString("FCM_TOKEN",fcmToken);
    mSharedEditor.commit();

**to get the token **

mPreferences.getString("FCM_TOKEN",null)
Pawan kumar sharma
  • 654
  • 1
  • 7
  • 21
0
  1. shared prefs are pretty safe, can be accessed only by your app or root user.
  2. not sure about library, but u can use some simple ndk methods to encrypt/decrypt data. it will give you some extra points of security
  3. Its safe if u use explicit intents

P.s. if your app is a bank client, than you should n't folow this answer

Max
  • 146
  • 2
  • 9
0

Use account manager for this case.

https://developer.android.com/reference/android/accounts/AccountManager.html

You can even share your account manager across apps as long as they are signed by the same keystore cert.

hepizoj
  • 243
  • 4
  • 9