What is the recommended approach for an app to securely store the username/password credential on android, so that no one else can sniff that sensitive data. Bigger issue being that most of the users dont use the whole disk encryption. I was playing around with SharedPreferences(seems to be clear text), AccountManager(not encrypted) and KeyChain(not for passwords but keys and certificates) but because of the reason mentioned in braces am not sure of the right approach to store the user credentials so that its security is respected. On the wire, the app would be using SSL, so that part if covered, its largely the on the device storage of secured credentials.
Any help will be highly appreciated. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
