Why avoid plain SharedPreferences for secrets and what to use?

Tests data-at-rest security awareness. A strong answer notes that plain SharedPreferences writes unencrypted XML that is exposed on rooted devices or through backups, then names EncryptedSharedPreferences with the Android Keystore.
Tests your understanding of Android data-at-rest security. A strong answer covers four points: first, plain SharedPreferences writes plaintext XML that is readable on rooted devices or via backups; second, the Android Keystore provides hardware-backed key storage; third, EncryptedSharedPreferences from Jetpack Security encrypts keys and values with AES-256 and stores the master key in the Keystore; fourth, avoid keeping secrets on the device when possible. Red flag: suggesting obfuscation or hardcoding, or claiming that file-system permissions alone prevent extraction.
Read the original → developer.android.com