如果我想存储的用户名和密码被一个Android应用程序中使用，是什么做的最好的方法是什么？它是通过preferences屏幕（但如果用户错过呢？），或者弹出一个对话框，要求您提供凭据的用户？如果是的话，我必须保持状态的应用程序。我将如何做到这一点？

If I want to store the username and password to be used inside an Android application, what is the best way to do it? Is it through the preferences screen (but what if the user misses this?), or pop up a dialog box and ask the user for the credentials? If so, I do have to maintain state for the application. How would I do this?

推荐答案

大多数Android和iPhone应用程序我已经看到了使用初始屏幕或对话框，询问凭据。我认为这是很麻烦的用户必须重新输入他们的名字/密码的时候，所以存储这些信息使得从可用性的角度来看意义。

Most Android and iPhone apps I have seen use an initial screen or dialog box to ask for credentials. I think it is cumbersome for the user to have to re-enter their name/password often, so storing that info makes sense from a usability perspective.

从（ Android开发指南）的建议是：

在一般情况下，我们建议最小化要求用户的频率   凭据 - 使网络钓鱼攻击更加突出，少   可能成功。而是使用授权令牌和   刷新。

In general, we recommend minimizing the frequency of asking for user credentials -- to make phishing attacks more conspicuous, and less likely to be successful. Instead use an authorization token and refresh it.

如果可能，用户名和密码不应该存储在   设备。相反，使用的用户名进行初始认证，   密码由用户提供，然后用一个短命的，   服务特定的授权令牌。

Where possible, username and password should not be stored on the device. Instead, perform initial authentication using the username and password supplied by the user, and then use a short-lived, service-specific authorization token.

使用 AccountManger 是用于存储证书的最佳选择。该SampleSyncAdapter提供如何使用它的示例。

Using the AccountManger is the best option for storing credentials. The SampleSyncAdapter provides an example of how to use it.

如果这不是一个选项，你出于某种原因，你可以使用的 preferences 机制。其它应用将不能够访问preferences，因此用户的信息不容易暴露。

If this is not an option to you for some reason, you can fall back to persisting credentials using the Preferences mechanism. Other applications won't be able to access your preferences, so the user's information is not easily exposed.