Yeah, so the server does not support OAuth or OpenID based authentication for now and that path is closed. What other options do I have?

On Tuesday, August 26, 2014 12:45:43 PM UTC+5:30, Dominik Schürmann wrote:
> If you want to save passwords you are either implementing an ancient
> authentication protocol or doing it wrong.
>
> Solution:
> Implement OAuth for your service and then implement your own
> authenticator on Android
> (http://udinic.wordpress.com/2013/04/24/write-your-own-android-authenticator/).
>
> This way you never need to store passwords, you store a refresh_token
> which can be revoked via a web interface by users if their smartphone has
> been compromised.
>
> Regards
> Dominik
>
> On 08/12/2014 01:28 PM, Kapil Gambhir wrote:
> > What is the recommended approach for an app to securely store the
> > username/password credential on Android, so that no one else can sniff
> > that sensitive data. Bigger issue being that most of the users don't use
> > the whole disk encryption.
> > I was playing around with SharedPreferences (seems to be clear text),
> > AccountManager (not encrypted) and KeyChain (not for passwords but keys
> > and certificates) but because of the reason mentioned in braces am not
> > sure of the right approach to store the user credentials so that its
> > security is respected. On the wire, the app would be using SSL, so that
> > part is covered, it's largely the on-device storage of secured
> > credentials.
> >
> > Any help will be highly appreciated.

--
You received this message because you are subscribed to the Google Groups "Android Security Discussions" group.
Visit this group at http://groups.google.com/group/android-security-discuss.
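
The revocable refresh-token scheme described in the quoted reply, sketched from the server side. This is an added example, not code from the thread or from any participant; the `TokenService` class, its method names, the device labels and the 300-second lifetime are all assumptions made for illustration.

```python
import hashlib, hmac, os, secrets, time

def digest(token):
    # The server keeps only a hash of each refresh token, never the token itself.
    return hashlib.sha256(token.encode()).hexdigest()

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class TokenService:
    """Toy server: the password is checked once, devices keep a refresh token."""
    ACCESS_TTL = 300  # seconds; constructed value

    def __init__(self):
        self.users, self.refresh_tokens, self.access_tokens = {}, {}, {}

    def register(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, hash_password(password, salt))

    def login(self, user, password, device):
        salt, stored = self.users[user]
        if not hmac.compare_digest(stored, hash_password(password, salt)):
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(32)
        self.refresh_tokens[digest(token)] = {"user": user, "device": device, "revoked": False}
        return token  # the only long-lived secret the phone stores

    def refresh(self, refresh_token):
        rec = self.refresh_tokens.get(digest(refresh_token))
        if rec is None or rec["revoked"]:
            raise PermissionError("refresh token unknown or revoked")
        access = secrets.token_urlsafe(32)
        self.access_tokens[access] = (rec["user"], time.time() + self.ACCESS_TTL)
        return access

    def whoami(self, access_token):
        user, expires = self.access_tokens.get(access_token, (None, 0))
        return user if time.time() < expires else None

    def revoke_device(self, user, device):
        # What the "web interface" button would call after a phone is lost.
        hits = [r for r in self.refresh_tokens.values()
                if r["user"] == user and r["device"] == device and not r["revoked"]]
        for rec in hits:
            rec["revoked"] = True
        return len(hits)
```

Revoking a device stops new access tokens from being minted for it, but access tokens already issued stay valid until they expire, which is why their lifetime is kept short.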
