OK - there is a lot of information out there on this subject, a lot of it is conflicting and some of it is probably outdated by now. I am hoping that some clear, concise answers will help clear my confusion.
I am new to developing Android applications and I am currently developing a prototype. I am currently storing a username and password for an Account via the AccountManager. My understanding is that the AccountManager stores the username and password in plain text. On non-rooted devices this seems to be relatively OK because the AccountManager DB requires root permissions. However, on rooted devices the username and password will be compromised.

*How easy is it to gain root access/jailbreak an Android device?* Should I be concerned and assume that relying solely on AccountManager permissions is a bad idea (that is my opinion at the moment)?

I understand that the best approach is to ask the server for a token during authentication and never store the password, only the token. However, for the time being, *is there a "one step better" than plain text?* I was thinking about encrypting/decrypting somehow (hashing is of no use as I need to be able to get the original password as plain text) - but then I have the problem of storing a key somewhere.

Any advice would be greatly appreciated.

