tags:

views:

35

answers:

1
+2  Q: 

android data storage question

Hello I would like to know if it is possible to for some application other my own to change a preference value of my application.Also are the preferences been kept by android when the phone is turned off?

is it safe to store some data(flags) on sharedpreferences in order to notify an activity for something?

when user clears the application data what exactly is erased,shared preferences data?

is it prefered to use an internal private file to store secure data? such ass passwords?

also I would like to be able to show a dialog when I detect a certain behavior, for this I have a monitoring service that has to notify the main activity about that. currently this is done through a callback method but I would like to maintain that state even if the application is killed or the phone reboots.

so I thought of setting a sharedpreference value (flag) and then on the oncreate method check if that flag exists. Also should I also check on the resume method?

Thanks a lot and sorry for the amount of questions but I am a little confused. regards maxsap

+3  A: 

Preferences (including SharedPreferences) are stored in files under your application's private data directory. No other application can read or write there, unless the phone has been rooted. This internal storage is flash-based and survives the phone being turned off... not much would work if it didn't. :)

As a general security principle you should never store a password. Secure systems store and compare password hashes, not the passwords themselves.

It's fine to store application state in preference data... personally I'd read it in onCreate() and thereafter write the value back to preferences either at the point it changes or in onPause().

Reuben Scratton  2010-10-19 13:47:52
Thanks a lot for the responce, but if the device is rooted this means that the user can alter those files right? is there a way that prevents the user for altering those files even if the device get rooted?
maxsap  2010-10-19 13:56:53
If the device is rooted, all files are vulnerable and there is no way to 100% guarantee that a file hasn't been tampered with. Your next line of defence is therefore to make it as hard as possible for anything but your app to generate valid preference values. This means getting familiar with the encryption APIs in javax.crypto. Assuming you really need to care this much. :)
Reuben Scratton  2010-10-19 14:10:10

related questions

How do I find the DNS servers in Android from a Java program?
Will JavaFX work on Android?
Android application deployment
How to copy text programatically in my Android app?
Android API for detecting new media from inbuilt camera & mic
What can you not do on the Dalvik VM (Android's VM) that you can in Sun VM?
create Raw socket in Android
Will Google Android ever support .NET?
Is there a way to import a 3D model into Android?
Does Android WebView need permissions for opening external URLs?
Getting started with mobile programming. What is a good platform ?
How do I save an Android application's state?
Porting Android's Java VM to the iPhone?
Making Eclipse behave like Visual Studio
Getting started with Android
Sleep a thread until an event is attended in another thread
How well does the Android Phone Emulator reflect the performance?
Is there any way to run Python on Android ?
moving to android from j2me
What work has been done on cross-platform mobile development?
Updating Android Tab Icons
Is there a multiplatform framework for developing iPhone / Android applications?
Proxy with Android Emulator
Using ItemizedOverlay and OverlayItem In Android Beta 0.9
Android Development