Maximus Maximus - 1 year ago 126
Android Question

Use `SharedPreferences` to store authentication token

I use token based authenticated mechanism on my server. When user logins through Android app the server returns token which needs to be sent with each subsequent request. I need to store that value on the devices. Since token is a simple string, I thought I'd use

to hold that value. When application starts inside
MyApplication extends Application
I query
for this token and hold it inside
as a global state so that every activity could access it when it sends request to the server.

Is this approach viable? If not, what critical drawbacks does it have? And if it's a bad idea, what's the alternative approach?

PS. This is not a subjective question - I'm not asking for
the best
approach, I'm validating my assumptions.

Answer Source

It's fairly safe. The users wont have access to the SharedPreferences unless they have rooted their devices. If you're concerned about security that much, you could encrypt the token before storing it inside SharedPreferences.