In my application, I use a variety of SharedPreferences settings that are used throughout the entire application. The program itself is designed to deploy a web service on a mobile device. In the settings I have a lot of some "secret" data. Honestly, I am not sure that if a person without an adequate level of his knowledge gets access to these settings, he will be able to use them somehow. But if some craftsman can still access the data bypassing the program, then I think that this is not good. For example, in these settings I have the server address, the tokens that I save there - this is the information to which I think that I don’t need to get access to anyone.

In general, you can access this information if you have root-rights on the phone. Here I am through the studio and through the phone I was able to find this data. Here I have a question - you need to start digging in the direction of encrypting data that is stored on a mobile device, and if you still need it, then how best to implement it.

I hope I am not the first who has been bothered by this question, and there will be someone who can help me. I really hope for your help.

  • Does the application work with the network? Store the data on the server as an option - danilshik
  • Yes, the application works with the network, but for example, to send a request to the server, you need the server address, which is stored in the settings, or for example, I have two tokens, they are already on the server, but in the application, they are used to access information or update the token . - Andrew Goroshko September
  • Where there is encryption and there is a decoder, you simply do not need to store anything important on the client and everything will be ok. - And
  • @And, I don’t really understand yet, to be honest, for example, after receiving a pair of tokens, I save them, and I can then find them in files, the server address is also stored on the device, the application logic is such that I constantly pull all these settings from Three variables, I think this is quite important information, but I do not know how to store this information on the server and receive it without a token, and how will I contact the server, the address of which I do not have, since it is on the server itself? it's just hard for me to imagine it) - Andrew Goroshko September
  • Where is the logic? How to hide the address, you refer to it? He does not need to hide. It is just necessary at each input of the user, to generate for example new tokens. - And

0