tags:

views:

353

answers:

2
+4  Q: 

Is there a way to securely store user data on an Android device?

I'm writing an application wherein users will sometimes make orders through it. I want to give users the option to save their billing info (name, address, etc.) so that it can be quickly restored later if they want to make another order. The user will enter a password to secure the data.

Obviously I can't just put this as a file on the device, as anyone can root/find the data. Is there a built-in Android method for storing secure data that is locked with a password? If not, what is a good place to start for storing this data securely using Java?

Edit: To clarify, when I say that the user will enter a password, I don't mean that I've come up with a way to secure the data yet. I'm just trying to convey the method with which the user will secure the data on their end; now I'm trying to figure out how to keep my end of the bargain. :)

+4  A: 

Obviously I can't just put this as a file on the device, as anyone can root/find the data.

True, but if you allow the user to define a password for the backup file, somebody who stole the file would still need to crack the encryption. They can find out the algorithm you're using, but not the password.

Is there a built-in Android method for storing secure data that is locked with a password?

Android itself does not offer an encrypted file store. You can encrypt files yourself, which is what I assumed you were doing when you wrote that the "user will enter a password to secure the data".

CommonsWare  2010-04-09 13:15:56
+6  A: 

You could use the included javax.crypto classes to encrypt any sensitive information.

You can view the source code of the Secrets for Android application for some examples.

Secrets for Android is an application to securely store and manage passwords and secrets on your Android phone. It uses techniques like strong encryption and auto-logout to help ensure that your secrets remain safe (assuming you use a good master password!). Context-sensitive tips guide you along through its operation, making it easy to use.

Steve  2010-04-09 13:18:28

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java