How to securely store credentials (password) in Android application?

by

The is no equivalent of iPhone’s KeyChain in Android currently. If you want to keep something secret, don’t store it on the device. Or at least, don’t store the key/password it is encrypted with on the device. Simple as that.

Additionally:

1) Even on ICS, you cannot use the KeyChain directly to store application secrets (see blog post in 3))

2) This is only a problem for rooted phones, or if someone has physical access to the device.

3) It is a lot better to remember a single password, protecting all of you credentials, than trying to remember multiple passwords. Additionally, on ICS, there is no separate password, the credential storage is protected by the device unlock password.

More Related Contents:

  1. How to avoid reverse engineering of an APK file
  2. How do I prevent Android taking a screenshot when my app goes to the background?
  3. How to prevent Screen Capture in Android
  4. How to encrypt and decrypt file in Android?
  5. How permission can be checked at runtime without throwing SecurityException?
  6. Android SharedPreference security
  7. Restrict API requests to only my own mobile app
  8. android: Determine security type of wifi networks in range (without connecting to them)
  9. How to securely store access token and secret in Android?
  10. How to Secure Android Shared Preferences?
  11. Best way to secure Android app sensitive Data?
  12. How to keep the OAuth consumer secret safe, and how to react when it’s compromised?
  13. How to secure my app against piracy
  14. How to enable AutoStart option for my App in Xiaomi phone Security App programmatically in android
  15. How to prevent NFC tag cloning?
  16. Google Play security alert for insecure TrustManager
  17. How to use an API from my mobile app without someone stealing the token
  18. How to manage installation from Unknown Sources in Android Oreo?
  19. How can I showing checkbox when I choose the spinner data?
  20. how to insert a data into database using android studio and phpmyadmin(wampserver)?
  21. In eclipse, unable to reference an android library project in another android project
  22. getting context in AsyncTask
  23. Android VpnService to capture packets won’t capture packets
  24. What method should I use now since FirebaseInstanceId.getInstance().getToken() is deprecated [duplicate]
  25. Android: how to draw a border to a LinearLayout
  26. How to fix “Fail to connect to camera service” exception in Android emulator
  27. Android test code coverage with JaCoCo Gradle plugin
  28. Android: Save file permanently (even after clear data / uninstall)
  29. Making SSLEngine use TLSv1.2 on Android (4.4.2)?
  30. How to get a contact’s facebook id or url from native contacts / content resolver?

Leave a Comment