I'm going through the implementation of Android's In-app Billing Version 3 API, and came across the following warning in Android's sample code:
/*
* WARNING: on a real application, we recommend you save data in a secure way to
* prevent tampering. For simplicity in this sample, we simply store the data using a
* SharedPreferences.
*/
I just need to store a simple flag if the user purchases an item, and using an SQLite database seems like overkill. I was just wondering what my alternatives are, seeing as though it looks like Android advises against using SharedPreferences.
Storing data locally on the device is generally considered insecure, and it's not too difficult for a user to access and modify their devices shared preference file. There is no silver bullet here, but the recommended approach is to use your own server and communicate using a network connection.
For your purposes however, the simplest "secure" approach would be to encrypt the SharedPreferences data (see this post).