> I'm just > trying to understand how secure is SharedPreferences and what alternatives > are there, that's all.
On a rooted device SharedPreferences absolutely can be tampered with. Same with any on-device storage. However this doesn't mean you can't use them. 1) Obfuscation. This is how Google recommends handling LVL data in shared prefs. This is not secure as someone could reverse engineer the obfuscator, but it makes it a pain in the ass and generally not worth it (easier to crack the APK itself). Check out the PreferenceObfuscator used for LVL: http://code.google.com/p/marketlicensing/source/browse/library/src/com/android/vending/licensing/PreferenceObfuscator.java . It gives you stuff like this: <string name="5">h99XZgr +0i5N2SN0lEDu592x14RTrTj6/VOCCnxGokeazVz9bfLW793kkXg01kaBsJa1/</ string> You can seed the obfuscator with a device id of some kind to prevent users from just copying shared prefs from one device to another. 2) Server signed data. When you authenticate your coupon, instead of saving a "true" or "false", save a string from your server that is cryptographically signed. At the launch of the app you can verify this signature even without internet access. Again this is similar to the LVL approach. It might be too much work as crypto is very confusing. --- Along the lines of what others are saying, don't invest too much in anti-piracy stuff. Release and see what happens, if no one cracks it then don't waste any more time. If it's cracked, look at how they did it and block it in the next update. Keep adding features in updates will keep current and future legit users happy, and have the pirates always playing catch up to the latest version until they get sick of it and just buy it. -Kevin -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
