
What is the most appropriate way to store user settings in Android application(在Android应用程序中存储用户设置的最合适方法是什么)




I am creating an application which connects to the server using username/password and I would like to enable the option "Save password" so the user wouldn't have to type the password each time the application starts.


I was trying to do it with Shared Preferences but am not sure if this is the best solution.

如果有任何关于如何在 Android 应用程序中存储用户值/设置的建议,我将不胜感激.

I would appreciate any suggestion on how to store user values/settings in Android application.


一般来说,SharedPreferences 是您存储首选项的最佳选择,所以一般来说我会推荐这种方法来保存应用程序和用户设置.

In general SharedPreferences are your best bet for storing preferences, so in general I'd recommend that approach for saving application and user settings.

这里唯一需要关注的是您要保存的内容.存储密码总是一件棘手的事情,我会特别小心将它们存储为明文.Android 架构是这样的,您的应用程序的 SharedPreferences 被沙盒化,以防止其他应用程序能够访问这些值,因此那里有一些安全性,但对手机的物理访问可能会允许访问这些值.

The only area of concern here is what you're saving. Passwords are always a tricky thing to store, and I'd be particularly wary of storing them as clear text. The Android architecture is such that your application's SharedPreferences are sandboxed to prevent other applications from being able to access the values so there's some security there, but physical access to a phone could potentially allow access to the values.

如果可能,我会考虑修改服务器以使用协商令牌来提供访问权限,例如 OAuth.或者,您可能需要构建某种加密存储,尽管这并非易事.至少,确保在将密码写入磁盘之前对其进行了加密.

If possible I'd consider modifying the server to use a negotiated token for providing access, something like OAuth. Alternatively you may need to construct some sort of cryptographic store, though that's non-trivial. At the very least, make sure you're encrypting the password before writing it to disk.


