Android best way to save settings and data

Question

I need to save some int and boolean for the setting, and for now i'm doing it with SharedPreference, I'd like to know if there are problems with this way, can i stay sure that those data won't be touched or lost? There are contraindications in using this way?

And now the real problem: i need to save some strings, that are basically something like... text description of some urls and the urls, but i don't really think that SharedPreference would work since i don't know how many those items can be, they may be 5, 8, 10, i don't know, those data will be downloaded via internet, so: how could i save them?

I'm not really good at Android programming, but i studied Java a lot of time ago, could i just save it as a file and parse it? I think I could create a Serializable wrapper class and write the items in a file but... is it really safe? users could edit those file or delete them, i think it maybe better if i could save them in some... "locked for app-only" folder, does something like that even exists? And if yes, how do i access it?

Answer 1

In Android apps are like users in Linux system, each user has its own private space, the same goes for apps, each application has its own storage space, and that's where data related to an app will be. By default SharedPreferences are stored in MODE_PRIVATE, so they will be accessed only by your app, no other external app would be able to access them. If you want to share some of your preferences you can choose other storage modes MODE_APPEND, MODE_WORLD_READABLE, and MODE_WORLD_WRITEABLE.

All that has been said about the MODE_PRIVATE is applicable in the case of a not Rooted device.

For more details on Android Security you can check these resources

Answer 2

I highly recommend using Facebook Conceal. SharedPreferences can be modified by root user independently on used MODE, Conceal keychain file can not.

Conceal creates encrypted file that can be accessed only by the app and your settings are safe. Of course user can delete this file, but you cannot prevent deleting data, only modifying.

Very easy to use:

// Creates a new Crypto object with default implementations of 
// a key chain as well as native library.
Crypto crypto = new Crypto(
  new SharedPrefsBackedKeyChain(context),
  new SystemNativeCryptoLibrary());

FileOutputStream fileStream = new FileOutputStream(file);

// Creates an output stream which encrypts the data as
// it is written to it and writes it out to the file.
OutputStream outputStream = crypto.getCipherOutputStream(
  fileStream,
  entity);

// Write plaintext to it.
outputStream.write(plainText);
outputStream.close();

Enjoy ;)

Answer 3

sharedPreferences is completely safe to use, plus the privacy you declare the class to instantiate, can be used only by your application and can also give permission for use by other applications giving property Context.MODE_PRIVATE. The only way anyone can see your settings is to be a root user and also that the user knows the route to follow to find the .XML on your preference, personally SharedPreferences is entirely feasible. Another way would be to use a SQLite database, but as a root user preferences can access your .DB and modify any database manager data such as navicat

Answer 4

SharedPreference is based on a xml file stored in app folder. It's secure like write info on another xml file. It's mainly used for app configuration. For other kind of data, it's better to use database (SQLite) or in json (more performance than xml).

In android, you will use many concept you already studied on desktop version of Java. But the platform is quite differente, especially on performance point of view.