{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 路过你的时光 的问题《What is the most appropriate way to store user set》','https://www.manongdao.com/q-4373.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am creating an application which connects to the server using username/password and I would like to enable the option "Save password" so the user wouldn't have to type the password each time the application starts.
I was trying to do it with Shared Preferences but am not sure if this is the best solution.
I would appreciate any suggestion on how to store user values/settings in Android application.
you need to use the sqlite, security apit to store the passwords. here is best example, which stores passwords, -- passwordsafe. here is link for the source and explanation -- http://code.google.com/p/android-passwordsafe/
shared preferences is easiest way to store our application data. but it is possible that anyone can clear our shared preferences data through application manager.so i don't think it is completely safe for our application.
In general SharedPreferences are your best bet for storing preferences, so in general I'd recommend that approach for saving application and user settings.
The only area of concern here is what you're saving. Passwords are always a tricky thing to store, and I'd be particularly wary of storing them as clear text. The Android architecture is such that your application's SharedPreferences are sandboxed to prevent other applications from being able to access the values so there's some security there, but physical access to a phone could potentially allow access to the values.
If possible I'd consider modifying the server to use a negotiated token for providing access, something like OAuth. Alternatively you may need to construct some sort of cryptographic store, though that's non-trivial. At the very least, make sure you're encrypting the password before writing it to disk.
About the simplest way to store a single preference in an Android Activity is to do something like this:
If you're worried about the security of these then you could always encrypt the password before storing it.
First of all I think User's data shouldn't be stored on phone, and if it is must to store data somewhere on the phone it should be encrypted with in the apps private data. Security of users credentials should be the priority of the application.
The sensitive data should be stored securely or not at all. In the event of a lost device or malware infection, data stored insecurely can be compromised.
I use the Android KeyStore to encrypt the password using RSA in ECB mode and then save it in the SharedPreferences.
When I want the password back I read the encrypted one from the SharedPreferences and decrypt it using the KeyStore.
With this method you generate a public/private Key-pair where the private one is safely stored and managed by Android.
Here is a link on how to do this: Android KeyStore Tutorial