Answer the question
In order to leave comments, you need to log in
How to properly store logins and passwords in an Android application?
There is a client-server application.
How to protect logins, passwords, tokens, etc. in the application from those who want to decompile it?
Answer the question
In order to leave comments, you need to log in
The password should never be stored, but if it is encrypted with a master password that is not recorded anywhere, then it is possible (it depends on the application).
In the remaining 99% of cases, passwords (encrypted, hashed) are stored only on servers,
keep the login and token, there will be no access without passwords.
Ideally, of course, only store the token, but everyone wants to make life more convenient for the user by entering a login for him in advance.
The best defense is to store nothing on the client other than a token to access your service. Never work directly with the database from the client, and it is better to access third-party closed APIs through your service. This is the only way to ensure that an attacker does not find anything.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question