By definition, if the user has root, they can get to whatever they want. Now you can make this more difficult for them, by doing things like encrypting your data and trying to be as careful as you can about where you put the encryption key (for ex get it over the network, only keep it in RAM, never let it be written to storage), but you would probably want to do that yourself since relying on the platform to do so just makes it easier for the user to subvert.
On Mon, Sep 14, 2009 at 11:07 PM, Andrei Bucur <andrei.bu...@gmail.com>wrote: > So basically storing private data on the phone is actually impossible? I > must implement a system that needs to store some information at some times > in application lifetime. This information must not be deleted / modified in > any way because of security issues (the user could trick the system). > Is there a way to this on a rooted phone (I'm pretty sure it's not... but > the question worths a shot)? > > Thanks! > > On Tue, Sep 15, 2009 at 2:39 AM, Romain Guy <romain...@google.com> wrote: > >> >> The content of shared preferences is, currently, stored in an XML file >> in the data partition. Only your app has the permission to look into >> the directory that contains the XML file but if your user has a rooted >> phone then all bets are off. >> >> On Mon, Sep 14, 2009 at 4:10 PM, bkbonner <brian.bon...@paraware.com> >> wrote: >> > >> > We want to store credentials for a user to a web service so the user >> > doesn't have to repeatedly login, but we're concerned about security. >> > We can't store a hash on the database, but we could probably use JCE >> > encryption locally. >> > >> > Is the content in SharedPreferences secured on the Android device? >> > >> > Brian >> > > >> > >> >> >> >> -- >> Romain Guy >> Android framework engineer >> romain...@android.com >> >> Note: please don't send private questions to me, as I don't have time >> to provide private support. All such questions should be posted on >> public forums, where I and others can see and answer them >> >> >> > > > > -- Dianne Hackborn Android framework engineer hack...@android.com Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~----------~----~----~----~------~----~------~--~---
