Android的安全存储密钥 [英] Android Secure Storage Key
问题描述
我在哪里需要存储将与每个请求在Anderoid申请提交身份验证令牌?我问了一个安全的存储位置,例如iPhone有钥匙扣,有没有Anderoid同等的服务?在$共享存储是$ p安全pferences与否?
Where do I need to store the authentication token which will be submitted with each request in an Anderoid application? I'm asking for a secure storage location, for example iphone has keychain, is there an equivalent service in Anderoid? Is storing in shared preferences secure or not?
推荐答案
在4.3以上版本的Android有一些所谓AndoridKeystore这大致相当于iOS的钥匙链。 这里的是一个很好的博客写上去它和官方 API示例项目。
In Android 4.3+ there is something called AndoridKeystore which is roughly equivalent to iOS key chain. Here's a good blog write up of it and official API sample project.
在一般来说,如果你的创建 Context.MODE_PRIVATE 您的共享preferences他们只能通过你的应用程序(或您的密钥签名的其他应用程序)进行访问。但是,如果该设备是植根他们的用户和任何应用程序可能读取您的应用程序的私有共享preferences。
In general if your create your shared preferences with Context.MODE_PRIVATE they are only accessible by your application (or other app signed by your key). However if the device is rooted they the user and any app could potentially read your app's private shared preferences.
我帮助创建和维护一个名为库安全 - preferences 以混淆键和存储在共享preferences值,使其更难攻击者,并要求再进行逆向工程应用程序(虽然这不是火箭科学)。一个很好的替代安全 - preferences是 CWAC- preFS 通过马克·墨菲是由SQLcipher支持。
I helped create and maintain a library called secure-preferences to obfuscate key and values that are stored in the shared preferences to make it harder for attackers and require then to reverse engineer the app (although that's not rocket science). A good alternative to secure-preferences is CWAC-prefs by Mark Murphy which is backed by SQLcipher.
这篇关于Android的安全存储密钥的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
