Teo, using SharedPreferences with MODE_PRIVATE should be "safe" in the sense that other application cannot snoop in there.
Using an SQLite database is not more or less secure than SharedPreferences. Both are stored in the data folder of your application, the security of which is provided by the underlying linux system. (Note that rooted devices do not provide this security, because any application can possibly become root and do whatever it wants on the phone, AFAIK. But that's the user's risk when rooting a device.) Also, there's currently no central password store provided by the Android SDK. There's a project called CryptoIntents that you could make use of to store the password encrypted. This requires the user to enter a master password whenever you want to access the unencrypted password (with some timeout). http://code.google.com/p/openintents/wiki/CryptoIntents For authentication at Google services, I think there's a plan to allow apps to obtain an auth token for the Google account associated with the device. See this discussion: http://groups.google.com/group/android-developers/browse_thread/thread/f63f19acb691c980/ddc37cd8e23d56c8?lnk=raot Christoph On Sat, Feb 7, 2009 at 4:54 PM, Teo <teomina...@gmail.com> wrote: > Thanks for the reply. I'll only have one password per device - as for the > device borrowing (if i understood correctly what you said) i'm not sure i > can do anything about that :) > The thing is, i asked this question becase it's called 'Shared'Preferences. > But i've seen that it also has a MODE_PRIVATE parameter, and according to > the docs: > > the created file can only be accessed by the calling application (or all > applications sharing the same user ID). > > And again, according to the docs: > > Each Android package (.apk) file installed on the device is given its own > unique Linux user ID, creating a sandbox for it and preventing it from > touching other applications (or other applications from touching it). This > user ID is assigned to it when the application is installed on the device, > and remains constant for the duration of its life on that device. > > So i guess this should be enough, unless i'm missing something... (SQLite > would be a nice solution but it doesn't seem natural to me for individual > settings) > Thanks, > Teo > On Sat, Feb 7, 2009 at 5:29 PM, Fred Grott(shareme) <fred.gr...@gmail.com> > wrote: >> >> SQLite stores user data by the app package name. if you did a db >> scehma that allowed for more than one user than it would be a safe way >> to go assuming that your popular app is borrowed along with device >> among friends.. >> >> >> >> On Feb 7, 8:31 am, Teo <teomina...@gmail.com> wrote: >> > Hi, >> > >> > i'm implementing a feature that requires a password, is it safe to >> > store using SharedPreferences.Editor? Is there another recommended way >> > for storing passwords? >> > >> > Thanks, >> > Teo >> > > > > -- > Teo (a.k.a. Teominator a.k.a. Teodor Filimon) > site www.teodorfilimon.com | blog www.teodorfilimon.blogspot.com > GMT +2 > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers-unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~----------~----~----~----~------~----~------~--~---
