How can I keep secure data from crackers in an android application? I need to use some secret keys (as the application will work through a web service) so I need to know where it would be recommended to keep this secret information and how?
You could use SharedPreferences which is not stored in an accessible file/folder. Click here for information on SharedPreferences and here for how to use it. This is an example:
// Get settings
SharedPreferences settings = getSharedPreferences(PREFS_NAME, 0);
// Get editor to be able to put settings
SharedPreferences.Editor editor = settings.edit()
// Put information with specified key
editor.putString("example_key", "example value");
// Commit changes
editor.commit();
// Gets value from setting with the specified key
String exampleString = settings.getString("example_key", null);
You can save them in a Preferences object and encrypt them with a hard-coded key, save them to the app's data folder and encrypt the whole file with a hard-coded key, or save them in a web location (which is probably the safest way to do it). You could also substitute a user-provided password for a hard-coded key, but that may be a nuisance depending on what the app does. If you're asking for a place that Android provides specifically for storing sensitive info, I don't believe any exists.
Related
For my android application I'm using the "sharedPreferences" to save the logIn password and some other data. I have the following problem:
When I install my APK and I create an account the LogIn data are saved with sharedPreferences. After deleting my application and reinstalled I can still use the old password.
Is there any possibility to remove what ever is saved through sharedPreferences? My last question is, is the method to save my LogIn Password with sharedPreferences a good technique or I should use something else?
Thank you in advance!
As far as I know, It's a good way to use SharedPreferences when you need to save Login Password, Now coming to your main question, You might have android:allowBackup="true" in your manifest, Try passing "False" instead
Update
Just for your information, SharedPreferences deletes the info on uninstallation.
You can use something like this to clear your sharedPreferences.
SharedPreferences sharedPreferences = context
.getSharedPreferences(context
.getResources()
.getString(<<YOUR_NAME>>), Context.MODE_PRIVATE);
SharedPreferences.Editor editor = sharedPreferences.edit();
editor.clear();
editor.commit();
About your second question, you can persist login and password in SharedPreferences, but its good to create a security sharedPreference.
And if you have to persist some complex data and objects, you can use Room Database to do it.
Here's a Room database link
I am using shared preferences and would like the default value to be 1 when there are no preferences found.
My code
int currentRadio;
...
SharedPreferences prefs = getPreferences(MODE_PRIVATE);
currentRadio = prefs.getInt("radioSelected", 1);
I am unsure why I am not getting 1 for the default value.
To test I would uninstall the app from my phone then launch the app to my phone from android studio. Every time I get 2 as the default value. However, if I just clear the data from the app, I get 1 as the default value.
Any help is appreciated, thank you.
Just Go through this:
SharedPreferences sp = getSharedPreferences("your_prefs",Activity.MODE_PRIVATE);
SharedPreferences.Editor editor = sp.edit();
editor.putInt("your_int_key", yourIntValue);
editor.commit();
Then you can get it as:
SharedPreferences sp = getSharedPreferences("your_prefs", Activity.MODE_PRIVATE);
int myIntValue = sp.getInt("your_int_key", -1);
The SharedPreference interface gives you access to the an xml file, and a easy way to modify it through its editor. The file is stored in /data/data/com.your.package/shared_prefs/ and you can access it onlu through this SharedPreference API
Actually, you also need to provide a default value to getInt which is returned when an int with the key your_int_key could not be found. Something like this:
int myIntValue = sp.getInt("your_int_key", -1);
where -1 is the default value
Also, If you use API 9 or above you should use apply() instead of commit()
declare prefs like:
prefs = PreferenceManager.getDefaultSharedPreferences(context);
It would be happening due to you wrong implementation of shared preference.
Do one thing search for the key "radioSelected" in you app. if it found at any other place to save the value in shared preference, then make it comment.
Or just share your complete shared preference file.
If using android-21 the problem is not with preferences. Its with backup manager
Add in manifest file
android:allowBackup="false"
I am wondering what the best method is to check if it is the first time a certain user has used my app, and also when they update will it reset and make it think they are a new user.
Edit(For more precision): I want to store a user id number in my sql server, and I want every user to create a password when they first download, but I also want them to have the option to select "Already have account" so that they can sync their accounts across devices
Like Illegal Argument mentions, the most reliable way is to use a server, because if you use a Shared preference, the user can delete the data or move to a different device and appear to be a totally new user.
If you don't want to go through the trouble of creating and managing your own server, you might consider using Google's Cloud Save API. When your app starts, check for existing data in the cloud. If there's nothing there it's a new user so create the data. It should be as simple as that.
The most reliable way to know that the user is a first time user is via a server validation. Another way to do it would be to use shared preference and saving certain data in internal or external storage. However storing data in mobile is not so foolproof as data can be easily deleted by user.
Globals
String _StrCode="";
SharedPreferences preferences;
String _responseCode=null;
In oncreate but before set content view check
#Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
this.requestWindowFeature(Window.FEATURE_NO_TITLE);
preferences = getSharedPreferences("mypref", 0);
_StrCode= preferences.getString("Code", _StrCode);
if(_StrCode.equalsIgnoreCase("")){
setContentView(R.layout.activity_qdc_status__launcher);
// here you can assign a value to
_StrCode ="some value";
Editor prefsEditor = preferences .edit();
prefsEditor.putString("Code",_StrCode);
prefsEditor.commit();
}else{
Intent _in= new Intent(firstscreen,secondscreen.class);
startActivity(_in);
finish();
}
}
i hope this will halp you and its easy to understand too.
sharedPreferences = context.getSharedPreferences("preference",0);
Editor editor = sharedPreferences.edit();
editor.putString("clientId","MY_CLIENT_ID");
editor.putString("clientSecret","MY_SECRET_KEY");
editor.commit();
In the above code, I am hard coding both client id and secret key in my android app. Since, These two are very sensitive data, How can I store them in a secured way ?
You store it in a secure way in SharedPreferences by calling the SharedPreferences file in private mode:
SharedPreferences prefs = getSharedPreferences( "Your_file_name", Context.MODE_PRIVATE );
Only your application can access this. There is no way for other applications or the user to see the contents of the preferences, unless you implement code to show it, of course!
You're doing just fine, although you should use MODE_PRIVATE instead of 0, because in the future, the value of MODE_PRIVATE might change, which would make a hard 0 behave different from MODE_PRIVATE.
I am loading a PreferenceScreen from an xml file to use as the screen to configure a new event so I'm attempting to clear and reset the values of the SharedPreference this activity is using. The problem I'm encountering is that when attempting to move to using a named preference manager, it seems the preference gets cleared but when I select an EditTextPreference element, the old data is still the default entered text on the popup.
In my onCreate method I'm attempting to initialize the preferences, clear them, then set to default values. My understanding from the dev resources were that there's no way to clear/reset in one step..
private static final String PREFNAME = "newmeetingactivity.preferences";
//load preferences and set name
addPreferencesFromResource(R.layout.newmeeting_preferences);
getPreferenceManager().setSharedPreferencesName(PREFNAME);
getPreferenceManager().setSharedPreferencesMode(MODE_PRIVATE);
//Clear the preferences
_sharedPreferences = getPreferenceManager().getSharedPreferences();
SharedPreferences.Editor ed = _sharedPreferences.edit();
ed.clear();
ed.commit();
//Load default preferences from file again
PreferenceManager.setDefaultValues(this, _sharedPreferences.toString() , MODE_PRIVATE, R.layout.newmeeting_preferences, true);
Edit: To try to better explain what I'm attempting to do (in case my approach is way off): I need to clear shared preferences used on a given activity while not interfering with the settings from other activities (as they should persist indefinitely).
Could you instead try using the PreferenceManager.getDefaultSharedPreferences(context) to get your prefs.
Edit:
adb shell into your application after you choose to reset the values. If you look at the preference file you will see that it's default value has been set. Try refreshing your activity. One way I did this was by simply killing it from the Applications menu. When the activity restarts it will have the expected default value.