Reputation: 23
Trying to save user credentials in Encrypted Shared Preferences. Is this approach safe?
Upvotes: 0
Views: 534
Reputation: 5884
No. It is not safe. Nothing you've written would make it safe.
It might be safe if it's hashed one way and it's very difficult to revert back to the plaintext credential.
It might be safe if the encryption key is stored on a YubiKey.
It might be safe if the decryption requires a fingerprint and is part of a security enclave.
But you've not provided any use case (why do you need the credential? Is it to authenticate the user on the server, or to log in to a server at a later date?). You have not provided any information about the encryption process. You have not provided any information about the platform.
And then there is risk assessment - it might be safe enough if the credential expires after 30 minutes of inactivity. It might be safe enough if the credential is exchanged for a temporary token so that in case the "encrypted shared preferences" is hacked, then the credential wouldn't be there - only an ephemeral token that must be exchanged periodically.
Upvotes: 0
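The token-exchange and inactivity-expiry idea from the answer above, as an added example that is not code from the question or the answer. It assumes the question refers to Android's Jetpack Security `EncryptedSharedPreferences` (the `MasterKey` API of `androidx.security:security-crypto` 1.1.0-alpha); `SessionTokenStore`, the file name and the preference keys are hypothetical.

```kotlin
import android.content.Context
import android.content.SharedPreferences
import androidx.security.crypto.EncryptedSharedPreferences
import androidx.security.crypto.MasterKey

// Hypothetical helper: persists only a server-issued session token,
// never the user's password.
class SessionTokenStore(
    context: Context,
    private val now: () -> Long = System::currentTimeMillis
) {
    private val prefs: SharedPreferences = EncryptedSharedPreferences.create(
        context,
        "session_store", // constructed file name
        MasterKey.Builder(context)
            .setKeyScheme(MasterKey.KeyScheme.AES256_GCM) // master key lives in Android Keystore
            .build(),
        EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
        EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
    )

    // Call after the server has exchanged the credential for a token.
    fun save(token: String) {
        prefs.edit()
            .putString(KEY_TOKEN, token)
            .putLong(KEY_LAST_USED, now())
            .apply()
    }

    // Returns the token if it was used within the idle window; otherwise wipes it.
    // The server must enforce its own expiry too: this check only limits what stays on disk.
    fun loadIfActive(): String? {
        val token = prefs.getString(KEY_TOKEN, null) ?: return null
        val idle = now() - prefs.getLong(KEY_LAST_USED, 0L)
        if (idle < 0 || idle > IDLE_LIMIT_MS) { // negative idle: clock set back, treat as expired
            clear()
            return null
        }
        prefs.edit().putLong(KEY_LAST_USED, now()).apply() // sliding inactivity window
        return token
    }

    fun clear() = prefs.edit().clear().apply()

    private companion object {
        const val KEY_TOKEN = "session_token"
        const val KEY_LAST_USED = "last_used_ms"
        const val IDLE_LIMIT_MS = 30 * 60 * 1000L // 30 minutes of inactivity, as in the answer
    }
}
```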