Android SharedPreference security

53,905

Solution 1

SharedPreferences are nothing but XML files in your phone's /data/data/ folder, so any application or user with superuser privileges on a rooted device can access your SharedPreferences, even if they were created with MODE_PRIV

Still, there is a way to protect it from everybody... Please check out this link. Here you can store data in prefs with encryption; the class is self-explanatory and very easy to use.

https://github.com/sveinungkb/encrypted-userprefs

As said by others, anyone can access it, but in this case no one can read the data inside it as it is encrypted. So it's secure. For utmost security, my suggestion would be to generate the key used for encryption at run time rather than hard-coding it. There are many ways to do that :)

Solution 2

Normally, no, they cannot be accessed by other apps, however, you should note that SharedPreferences are stored as XML files in the /data/data/ directory, which essentially means that any application with superuser privileges on a rooted device can access your SharedPreferences, even if they were created with MODE_PRIV

Solution 3

Is it possible to get access to sharedpreferences, even if they were created in MODE_PRIV (0) ?

By code, no. But you can retrieve the application's files if you have superuser privileges.

Is it possible to list all sharedpreferences available and then fetch all settings from other apps?

If you are a superuser (rooted devices), then you can pull all private files of the app.

Is sharedpreferences good place to put sensitive data, such as password or auth token?

No. It can be easily hacked. If you want to put any sensitive data in a shared preference file, you can encrypt the data and store it. You can store your encryption key in NDK/server.

Author by

Marek Sebera

Updated on July 30, 2020

Comments

  • Marek Sebera
    Marek Sebera almost 4 years

    I wonder about shared preferences security.

    Is it possible to get access to sharedpreferences, even if they were created in MODE_PRIV (0) ?
    Is it possible to list all sharedpreferences available and then fetch all settings from other apps?
    Is sharedpreferences good place to put sensitive data, such as password or auth token?

    Thanks

  • Olayinka
    Olayinka over 8 years
    then how do you save the generated key?
  • Paulo Avelar
    Paulo Avelar over 8 years
    @Olayinka It'd be safer to encrypt that with yet another key and save it in a SharedPref. But then, what to do with the other key? Seriously though, best scenario would be sending the encrypted key and a device UID to a server using SSL to be stored there and retrieved as needed. That would require connectivity, but would allow you to blacklist a device and suddenly have all data trashed. Without constant internet connection, any try to encrypt data is not 100% safe.
  • Raj Trivedi
    Raj Trivedi about 7 years
    I used the above solution... it works 9 out of 10 times, but I am getting "error:1e06b065:Cipher functions:EVP_DecryptFinal_ex:BAD_DECRYPT" at times. Does anyone have an idea?
  • apex39
    apex39 about 6 years
    @PauloAvelar Use Android KeyStore for long term storage and retrieval of cryptographic keys. Keys are not stored within an application, so they cannot be compromised. Provided library does not use it. It saves the secret in the code thus it is not safe.
  • John Sardinha
    John Sardinha over 4 years
    How can it be easily hacked?
  • Cuong Vo
    Cuong Vo over 4 years
    Yes the question from @Jo
  • DADi590
    DADi590 over 2 years
    @JohnSardinha I believe you can just edit the XML file as soon as you have write access to it. Then after restarting the app, the modified file will be used.