I have an app which has a user login to a webservice (username + password). I need to store the user's username and password somewhere to auto-log them in (otherwise they have to enter username + password every time).
I have stored the username + password in SharedPreferences like so:
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
Editor editor = prefs.edit();
editor.put("username", "the username");
editor.put("password", "the password");
editor.commit();
If I understand correctly, the actual file that shared prefs writes to is not accessible fr开发者_运维知识库om other third party apps, correct? Therefore it's ok to store the username + password here?
If I hook up devices to DDMS, I cannot see the shared prefs files (good). If I use the emulator, I can see them.
Thanks
They shouldn't normally be accessible by other applications, but on a rooted device they can be accessed quite easily.
You may want to encrypt/decrypt the strings as your store and load them.
That is correct. Nevertheless, the file is a regular xml file that could be accessible by any file explorer in a rooted phone, so you should encrypt your data anyway. Never assume that the app will not be used in a rooted phone. Even if the user won't do it, the phone can always be lost/stolen and rooted to extract information.
To answer the question in your comment:
To obtain a SharedPreferences instance (either the default or any custom one) you need the Activity context, which is inaccessible by any other app.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论