Reputation: 1040
Android SharedPreferences vulnerabilities
I am developing an application where users can play simple games and earn points with each game. The application consists of starting and ending multiple activities and with each activity, a request is made to update the user information.
There are multiple requests to the server with this back-forward activity template, so I was thinking if I could save the points with SharedPreferences and make a single request at the best time.
My concern is: can someone mod the application and change its SharedPreferences points? Are there any vulnerabilities regarding SharedPreferences? I am afraid to start saving the user points in SharedPreferences and then someone cheats his points with some exploit.
Upvotes: 0
Views: 736
Answers (2)
Reputation: 73731
Are there any vulnerabilities regarding SharedPreferences
Yes, if a user has a rooted device they can easily get the shared preferences file and update it.
What you could do is use EncrypedSharedPreferences to store the data but a good rule is if you don't want someone to potentially get access to something they shouldn't then you should not keep it on the device
Upvotes: 1
Reputation: 618
To make it more difficult to extract from the device you can store it inside Keystore system.Once keys are in the keystore, they can be used for cryptographic operations with the key material remaining non-exportable.
For more information about storing on keystore please check below link https://developer.android.com/training/articles/keystore
Upvotes: 1
Related Questions
- Security with SharedPreferences
- Understanding SharedPreferences
- Android SharedPreference security
- Android SharedPreferences
- SharedPreferences - Android
- Android SharedPreference
- SharedPreferences: What are they shared with?
- Problems with SharedPreferences
- SharedPreferences Android
- Java Android SharedPreferences issues