Android SharedPreferences Password

Question

I just wanted to ask if it is a good idea to store a password (encrypted) in the SharedPreferences. In Android you can delete the sharedPredPref for an application and then the password is gone, so it is better to store it in a database like sqlite? In my application I saved it in a sharedPref, so when starts an activity for the first time, he must set a new password. Now the problem is that, someone else can just delete the sharedPreferences and then he will just asked again to set a new password.

Answer 1

Use MODE_PRIVATE in shared preferences so nobody can access it except your application

SharedPreferences prefs= getSharedPreferences("yourpasspreference", MODE_PRIVATE);

Better to save the password kind of thing in encrypted form.

To protect clearing the data from settings you can use this in your manifest

<application android:label="MyApp" android:icon="@drawable/icon" 
           android:manageSpaceActivity=".ActivityOfMyChoice">

It will Disable the Clear Data Button in Settings, Manage Space button will be shown instead which launches the ActivityOfMyChoice Activity defined by you.

Answer 2

In android SharedPreferences as well as SQLite are both cleared when in application screen you press Clear data button. So there is no difference in that!

The user in that case would be logged out just as the first time he starts the application. Final authentication should always happen at server-side, not inside the app.

Answer 3

If your only concern is that someone might delete the preference xml file then storing them in SQLite will make no difference. Because both of these are deleted when you clear data for an app.