Home/ Questions/Q 8281937
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-08T10:12:19+00:00

I’m developing an Android app which based on a web-server. Users, who installed the

  • 0

I’m developing an Android app which based on a web-server. Users, who installed the app, should register on web, so they can login. When someone try to login I verify their information with API.

So I’m curious about persisting and encryption processes. Should I encrypt the values or just put them all to SharedPreferences? If encryption is needed what’s the efficient way?

And last but not least, Is SharedPreferences enough in terms of security?

Thanks.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Of course you should encrypt user settings like login, password or maybe email. I prefer SharedPreferences for storing, and yes it’s enough in terms of security.

    I’ve found this two method on StackOverflow, it’s fair enough:

    protected String encrypt( String value ) {
    try {
        final byte[] bytes = value!=null ? value.getBytes(UTF8) : new byte[0];
        SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
        SecretKey key = keyFactory.generateSecret(new PBEKeySpec(SEKRIT));
        Cipher pbeCipher = Cipher.getInstance("PBEWithMD5AndDES");
        pbeCipher.init(Cipher.ENCRYPT_MODE, key, new PBEParameterSpec(Settings.Secure.getString(context.getContentResolver(),Settings.System.ANDROID_ID).getBytes(UTF8), 20));
        return new String(Base64.encode(pbeCipher.doFinal(bytes), Base64.NO_WRAP),UTF8);
    } catch( Exception e ) {
        throw new RuntimeException(e);
    }
}

protected String decrypt(String value){
    try {
        final byte[] bytes = value!=null ? Base64.decode(value,Base64.DEFAULT) : new byte[0];
        SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
        SecretKey key = keyFactory.generateSecret(new PBEKeySpec(SEKRIT));
        Cipher pbeCipher = Cipher.getInstance("PBEWithMD5AndDES");
        pbeCipher.init(Cipher.DECRYPT_MODE, key, new PBEParameterSpec(Settings.Secure.getString(context.getContentResolver(),Settings.System.ANDROID_ID).getBytes(UTF8), 20));
        return new String(pbeCipher.doFinal(bytes),UTF8);
    } catch( Exception e) {
        throw new RuntimeException(e);
    }
}

    Couldn’t find link, if I found, I’ll edit my answer.

    Edit: I found the source, you may have a look at all discussion on here.

    • 0