Reputation: 4937
I'm working on an Android application that requires users to register with us first; only then can they access it. The information users will get will be really sensitive, so I want a secure method to do this. I have never worked on such an authentication feature before with Android, but when I had to do something similar for a web application I would store the passwords MD5-hashed in a MySQL database. But I think this isn't quite a secure method, is it?
What can I do to ensure security for my users while authenticating them?
Also, can I use OAuth here?
Upvotes: 3
Views: 2930
Reputation: 16790
Yes, you can use OAuth on Android. You should look at the official Android OAuth2 training: http://developer.android.com/training/id-auth/authenticate.html
If you decide to implement your own authentication method, then storing passwords will be tricky. MD5 is insecure; SHA-256 with salting may be enough. In this scheme you store two things:
A good tutorial and a lot of details on this topic can be found on this page
If you have to deal with high-risk data, I suggest you contact security specialists who can help you create an appropriate solution. If you do it yourself without experience, then it is most probable that you will fail.
Upvotes: 2