I would like to store my user's username and password in the app.
My question/fear is that I've read a few answers similar to this one that explain that if physical access to the device is gained by a malicious user, he can read the username/password in plain text in a shared preferences file. Is KeyStore more secure than this, so that I would not have to worry?
If anyone is wondering why the extra precaution, I'm trying to make this HIPAA compliant. And couldn't find anything on what sort of encryption is used or if it could possibly be stored in plain text and reverse engineered.
More than using it as a key/value storage option, should I be encrypting/decrypting them before storing? What is the best approach?
Any links to Google docs/videos on Keystore that talk about how the security is implemented are welcome.
This is the approach I'm taking currently. Excuse the C#; I implemented this in Xamarin.
    private KeyStore _keyStore;

    _keyStore = KeyStore.GetInstance(KEYSTORE_KEY);
    _keyStore.Load(null);

    KeystoreEntry entry = new KeystoreEntry(Username, Password);
    _keyStore.SetEntry(ServerURL, entry, null);
KeystoreEntry.cs
    public class KeystoreEntry : Java.Lang.Object, IEntry {
        EntryAttribute _usernameAttribute;
        EntryAttribute _passwordAttribute;

        public string Username {
            get {
                return _usernameAttribute.Value;
            }
        }

        public string Password {
            get {
                return _passwordAttribute.Value;
            }
        }

        public KeystoreEntry(string username, string password) {
            _usernameAttribute = new EntryAttribute("Username", username);
            _passwordAttribute = new EntryAttribute("Password", password);
        }

        internal class EntryAttribute : Java.Lang.Object, IEntryAttribute {
            private string _name;
            private string _value;

            public string Name {
                get { return _name; }
                set { _name = value; }
            }

            public string Value {
                get { return _value; }
                set { _value = value; }
            }

            public EntryAttribute(string name, string value) {
                _name = name;
                _value = value;
            }
        }
    }
As you can see, it's a pretty simple approach; I'm just stressing about the security of it.