I know that I can set the values to be ‘MODE_PRIVATE’ and only my application/userId will be able to access them, however, is there any way for the user to access these at any point? So is it ‘safe’ to store these in Shared Preferences, or is there a better place?
Furthermore, if I later decide to expose some preferences for setting by the user, would I be able to hide these values?
Thank you.
Edit: I know about Internal Storage as well, but am wondering if I can achieve something simpler with Shared Preferences.
Shared Preferences are just a plain-text XML file stored in the application’s data folder. This is not a secure location, by any means. It’s quite easy to view these files and extract the tokens. You can still use the Shared Preferences but you need to encrypt the information you are storing. As for “Internal Storage”, those share the same location with the “Shared Preferences”, so they’re still easy to view.
Your unencrypted data is safe from OTHER applications running in the phone, but not from malicious users.