我在的地步，我可以允许用户保存凭据我了未来的Andr​​oid应用程序一个简单的Web应用程序。我担心的（即新到Android）是其他（邪恶）的应用程序可以得到这个看似本地数据库（本地我的应用程序是）

I'm at the point where I can allow the user to store credentials for a simple web app in my up coming Android app. My fear (being new to Android) is that other (evil) apps could get at this seemingly local database (local to my app that is)

在写这个功能，我应该担心其他应用获取这个数据？如果是的话究竟是在本地进行加密的最佳方法（但请记住，我需要把它拉回来了在某些点登录时，他们正在使用的应用程序在用户）

When writing this feature should I fear other apps getting at this data? If so what is the best way to encrypt it locally (but remember I need to pull it back out at some point to log the user in when they are using the app)

谢谢！

推荐答案

我有类似的情况，并发现了 SimpleCrypto类足够满足我的需求得到加密，以避免密码的纯文本输出的密码很容易被读取。

I have a similar situation, and found the SimpleCrypto class enough for my needs to get the passwords encrypted to avoid plain text output of passwords being easily read.

您如何决定使用一个密钥加密是另外一个问题。 由于此处所示，你可以使用手机的唯一ID（显而易见的问题是，如果他们换手机，你不能解密你的数据），或者只是简单地使用一个随机字符串在code。这取决于你想如何努力使恢复和多么重要的数据就是你保证。

How you decide to use a key for the encryption is another question. As shown here, you could use the unique Id of the phone (obvious problems being that if they change phone you can't decrypt your data), or just simply use a random string in your code. It depends how hard you want to make recovery and how important the data is you're securing.