How to save a token secretly in Android

Question

I have an Android app where users have to login to use it, when a request is made (in PHP) a token is needed, the thing is, I need to save the token in Android's shared preferences, I know there are ways to encrypt it, but if someone would go to open the app and see the source code, the would know how it was encrypted.

How do I securely save the token?

Thanks in advance.

Possible duplicate of [How to securely store access token and secret in Android?](https://stackoverflow.com/questions/10161266/how-to-securely-store-access-token-and-secret-in-android) — Ali Ahsan, Aug 07 '19 at 21:31
Check the Android keystore: https://developer.android.com/training/articles/keystore — Gabriele Mariotti, Aug 07 '19 at 23:42

score 1 · Accepted Answer · answered Aug 08 '19 at 02:23

Android Keystore is a preferred way of storing sensitive information, namely token, password, etc.

However, in case you want to simply store it in SharedPrefs, using one of the existing libraries would come in handy. You can check SecureStorage library and give it a try.

How to save a token secretly in Android

1 Answers1

Linked