sharedpreferences encryption wrapper - Android SharedPreference security




1 Answers

SharedPreferences are nothing but XML files in your phones /data/data/ folder,So any application or user with superuser privilages on a rooted device can access your SharedPreferences, even if they were created with MODE_PRIV

Still there is a way to protect it from everybody... Please checkout this link. Here you can store data in pref with encryption,the class is self explanatory and very easy to use.

https://github.com/sveinungkb/encrypted-userprefs

As said by others anyone can access it but in this case no one can read data inside it as it is encrypted. So its secure.For Utmost security my suggestion will be to generate the key used for encryption at run time rather than hard coding it. There are many ways to do that :)

for keystore vs

I wonder about shared preferences security.

Is it possible to get access to sharedpreferences, even if they were created in MODE_PRIV (0) ?
Is it possible to list all sharedpreferences available and then fetch all settings from other apps?
Is sharedpreferences good place to put sensitive data, such as password or auth token?

Thanks




Related