Is Shared Preferences safe for private datas?

Question

Im saving datas from my db/user into a gson formated ArrayList in SharedPreferences. Now my question :

Is it safe to save these datas (or data in general) into Sharedpreferences. Are users able to read these gson Arraylists out ? Maybe from SD card ,in a folder or somewhere else.

Thank you !

Answer 1

They are stored as xml files in your app directory, with permissions that allow only your app to access them. But on rooted device they are easily accessible. If you are concerned with security then you may use encryption, those projects might be usefull to you:

https://github.com/rtoshiro/SecureSharedPreferences

https://github.com/sveinungkb/encrypted-userprefs

still those projects does not give you 100% guarantee, hacker may decompile your apk and find keys used to encrypt shared preferences. So if your data is of use only for short time then remember to remove it from your device once user has finished using it. You may for example keep data on server and download it only when needed, caching locally only for short time - when its needed.

Answer 2

You can read all shared preferences Data

The SharedPreferences class provides a general framework that allows you to save and retrieve persistent key-value pairs of primitive data types.

To see the information in the store you need to know the important thing from the data. This will make reading through the information super easy. But as simple as it's to keep a tiny bit of data as difficult it's to keep and browse large structured data since you need to define key for every data, in addition you can't really search inside the data except you've got a certain concept for naming the secrets.

Please read Android SharedPreference security

Answer 3

SharedPreferences is just a file located in phone private memory. So user can't access it but root can. Root can everything and many users have root's nowadays. You shouldn't store fragile data there

Android SharedPreference security