I'm currently designing an application which has initial login page. I provide remember me functionality and I stored username and password values in shared preferences. I illustrated my sample code below.
SharedPreferences preferences = getApplicationContext().getSharedPreferences("MyAppSettings",Context.MODE_PRIVATE);
SharedPreferences.Editor edit = preferences.edit();
edit.putString("username",username);
edit.putString("password",password);
edit.commit();
Info: Suppose username and password are string variables which are filled by user
Whenever user sets checkbox remember me, I store these variables in shared preferences.
I wonder that is this way safe and reliable for performing this kind of operation?
I mean that can these variables be reachable from outside the application?
Also, do I have to encrypt password of the user and store in shared preferences?
Thanks in advance,
I mean that can these variables be reachable from outside the application?
Anyone with a rooted device can view your SharedPreferences. It is simply an XML file stored on the device.
Also, do I have to encrypt password of the user and store in shared preferences?
It would be safer to do so, yes. Also encrypt the username while you're about it.