Is there a way to securely store user data on an A

2020-02-23 04:55发布

问题:

I'm writing an application wherein users will sometimes make orders through it. I want to give users the option to save their billing info (name, address, etc.) so that it can be quickly restored later if they want to make another order. The user will enter a password to secure the data.

Obviously I can't just put this as a file on the device, as anyone can root/find the data. Is there a built-in Android method for storing secure data that is locked with a password? If not, what is a good place to start for storing this data securely using Java?

Edit: To clarify, when I say that the user will enter a password, I don't mean that I've come up with a way to secure the data yet. I'm just trying to convey the method with which the user will secure the data on their end; now I'm trying to figure out how to keep my end of the bargain. :)

回答1:

You could use the included javax.crypto classes to encrypt any sensitive information.

You can view the source code of the Secrets for Android application for some examples.

Secrets for Android is an application to securely store and manage passwords and secrets on your Android phone. It uses techniques like strong encryption and auto-logout to help ensure that your secrets remain safe (assuming you use a good master password!). Context-sensitive tips guide you along through its operation, making it easy to use.



回答2:

Obviously I can't just put this as a file on the device, as anyone can root/find the data.

True, but if you allow the user to define a password for the backup file, somebody who stole the file would still need to crack the encryption. They can find out the algorithm you're using, but not the password.

Is there a built-in Android method for storing secure data that is locked with a password?

Android itself does not offer an encrypted file store. You can encrypt files yourself, which is what I assumed you were doing when you wrote that the "user will enter a password to secure the data".



回答3:

Have a look at SQLCipher for Android. You can store that info in a database and then encrypt it with 256-bit AES. http://sqlcipher.net/sqlcipher-for-android/ The main project is propriatery but you can get the Android binaries for free through their GitHub, as well as some usage examples.