Best IT Recipes

Android Keychain for user credentials

Is there an equivalent of iOS keychain on Android?

My understanding of the Preferences API is that it is not encrypted. For my application, it doesn’t matter if these credentials are stored on different devices (for example, if you use the iPhone type Keychain in Android? )

I also looked at the KeyStore API , but it looks like it left the actual user credential store up to the application developer.

Thanks for your help!

+64
android keychain
Feb 04 2018-11-12T00:
source share
4 answers

The short answer is, it is not. But you can expect the file system to be safe.

Each application runs under a different user, and the file system used to store application data is provided with the usual UNIX user permissions. Thus, each access to application files is by default sandboxed. The file system can also be encrypted.

This page from the developer's site explains this better: http://developer.android.com/guide/topics/security/security.html

+9
Mar 16 '11 at 16:13
source share

@DJPlayer answer extension:

Some relevant articles. The third includes a github application that demonstrates the use of a keystore provider to generate keys and then encrypt strings.

Also see Android storage options for ways to store an encrypted password - my recommendation is general settings.

Please note that according to the second article with root permissions and little knowledge of how your application uses the keystore (which may be available to decompile your apk), you can grab the private key and use it to decrypt the encrypted material (for example: a saved password)

+3
Oct 12 '15 at 8:34
source share

Actually there are:

By integrating Smart Lock for passwords into your Android application, you can automatically sign users in your application using the credentials that they saved. Users can save user and password credentials and federated identity credentials.

Integrate Smart Lock for passwords into your application using the credential API to retrieve stored credentials at login. use to successfully obtain credentials to sign a user or use the credentials API to quickly introduce new users by partially terminating your application has registered or registered. Prompt users after logging in or registering to save their credentials for future automatic authentication.

https://developers.google.com/identity/smartlock-passwords/android/

+1
Jun 28 '17 at 11:01
source share

http://developer.android.com/reference/android/security/KeyChain.html

Keychain for OS 4.0

-3
Oct 19 2018-11-15T00:
source share


More articles:


All Articles