Android: Is it a good idea to store Authentication Token in Shared Preferences?

Views: 60

Problem description

I have an application that communicates with a server. When the user logs in to the application, an Authentication Token is created on the server and stored in the SharedPreferences of the application, and whenever the application requests data from a web service the authentication token is validated.

My question is, is it secure to store the authentication token in the SharedPreferences? I'm asking because a user with root privileges can access the preferences, extract the token and use it.

Is there any way to have more security in that regard?

Recommended answer

In short, yes, that's a perfectly reasonable thing to do.

The best you can do on top of that is obfuscation only. If you keep the token in memory, a root user can peek into that. If you encrypt it, you have to store the encryption key on the device also or you won't be able to use the token… and the key can be stolen just as easily as the token.

If someone has root on the device, all bets are off. Don't optimize for that case. If your app is super-duper high security, don't allow it to run on rooted devices, or implement a remote-wipe functionality where the user can report their device stolen and you can invalidate the token on the server.

Android 4.3 introduced the Android Keystore. That purportedly provides a secure store for cryptographic keys. This could be used to store a key that's used to decrypt an encrypted token stored with traditional methods. However, the referenced link gives no mention of how a rooted device impacts the security of this.

UPDATE 2018: Most modern Android devices have hardware-backed keystores, via a trusted execution environment (TEE) provided by the SoC. This makes it impossible (see below) for a hacker to obtain the keystore master key that would otherwise be needed to decrypt the keys you've stored in the Android Keystore.

Well, "impossible" is a strong word. It's better said as "infeasible". Meaning, you'd need something like an electron microscope to scan the bits fused into the SoC providing the TEE. If you are the type of person whose data warrants this sort of attention, you probably have bigger problems.
