Storing sensitive data in java(android) at runtime
Question
Is it safe to store sensitive data (passwords, etc.) in usual variables at runtime?
I mean something like this:
public class MainActivity extends AppCompatActivity {
// ...
String password; // this is my password
// ...
public void click(View v) { // on some button click
password = txtPassword.getText().toString(); // txtPassword is an EditText field
// ...
}
void someMethod() {
Intent intent = new Intent(this, SomeActivity.class);
intent.putExtra(password); // password needs to be passed to other activities
startActivity(intent);
}
// ...
}
This password has to be stored until user exits app. Almost every activity needs it, so i have to pass it fro MainActivity when calling new Activity.
Is it safe to store password like on example above? If not then how should I do it?
1 answers
solution1
2 ACCPTED 2018-02-10 15:17:57
The problem is not how you use your password inside you code but how you retrieve it. For example, if you retrieve your data from an api without any kind of encryption, somebody can steal the packages in the network and get the password. Other thing is if you save your paswoord in a shared preferences, it can be easily steel it if you have access to the cellphone une a remote terminal. so, if you want to be save with you password retrieve it from an safe api and use encryption in all the process to avoid any kind of steel. After that, you can use it as you wish inside the logic of you app
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.