Well, If the phone is rooted, then anyone can peek into your DB. If you store it in simple text, you are at the hacker's mercy.
The password's should be stored in the DB/file after encryption. That will give you some degree of safety. As per sending a mail with the password, that's a tricky one. If possible, you can have an option of password re-generation and show it on the device itself if you are not comfortable with sending out a mail. It's would be very difficult for a hacker to decrypt your security question and answer as well. But it's still doable. Maybe, you can use different encryption techniques for password, security question and answer. Thanks and Regards, Kumar Bibek On Apr 23, 1:59 am, Bryan <bryguy0...@gmail.com> wrote: > I have been searching on google for information regarding application > passwords and SQLite security for some time, and nothing that I have > found has really answered my questions. > > Here is what I am trying to figure out: > > 1) My application is going to have an optional password activity that > will be called when the application is first opened. My questions for > this are a) If I store the password via android preference or SQLite > database, how can I ensure security and privacy for the password, and > b) how should password recovery be handled? > > Regarding b) from above, I have thought about requiring an email > address when the password feature is enabled, and also a password hint > question for use when requesting password recovery. Upon successfully > answering the hint question, the password is then emailed to the email > address that was submitted. I am not completely confident in the > security and privacy of the email method, especially if the email is > sent when the user is connected to an open, public wireless network. > > 2) My application will be using an SQLite database, which will be > stored on the SD card if the user has one. Regardless of whether it > is stored on the phone or the SD card, what options do I have for data > encryption, and how does that affect the application performance? > > Thanks in advance for time taken to answer these questions. I think > that there may be other developers struggling with the same concerns. > > -- > You received this message because you are subscribed to the Google > Groups "Android Developers" group. > To post to this group, send email to android-developers@googlegroups.com > To unsubscribe from this group, send email to > android-developers+unsubscr...@googlegroups.com > For more options, visit this group > athttp://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
