If I want to store the username and password to be used inside an Android application, what is the best way to do it? Is it through the preferences screen (but what if the user misses this?), or pop up a dialog box and ask the user for the credentials? If so, I do have to maintain state for the application. How would I do this?
+2
A:
I think the easiest approach is to persist the credentials using the Preferences mechanism. Other applications won't be able to access your preferences, so the user's information is not easily exposed. Optionally, you can use a database table or file.
Most Android and iPhone apps I have seen use an initial screen or dialog box to ask for credentials. I think it is cumbersome for the user to have to re-enter their name/password often, so storing that info makes sense from a usability perspective.
elevine
2009-12-18 00:24:29
I would say it's risky to persist password information as is in preferences. On rooted phones it is possible to access the preferences file of an app. The least you can do is obfuscate the password.
Jayesh
2009-12-18 18:15:52
If someone has your phone and is able to root it, there is not a whole lot you are going to be able to do to keep your data safe. Its not a bad idea to obfuscate the password, but it isn't really adding that much more protection. What is more important is that there are many layers of security already built into the OS. Of course, you don't want to do anything stupid to circumvent those measures. It is probably better to use a system like OAuth, and store a token on the device instead of the username and password.
elevine
2010-08-11 15:42:29
A:
You can also look at this sample from the SDK. It may help you.
Miguel Vitorino
2010-08-21 20:19:38