Is there an equivalent to iOS's Keychain for user credentials on Android?

AndroidKeychain

Android Problem Overview

Is there an equivalent to iOS's Keychain on Android?

My understanding of the Preferences API is that it is not encrypted. For my application it doesn't matter whether these credentials are persisted across devices (i.e. a different use-case to https://stackoverflow.com/questions/2411281/iphone-like-keychain-in-android)

I also looked at the KeyStore API but it seems to leave the actual storage of user credentials up to the application developer.

Android Solutions

Solution 1 - Android

Short answer, there isn't one. But you can expect the filesystem to be secure.

Each app operates under a different user, and the filesystem used to store app data is secured by normal UNIX user permissions. So each app's file access is sandboxed by default. The filesystem also may be encrypted.

This page from the developer's site explains it better: http://developer.android.com/guide/topics/security/security.html

Solution 2 - Android

Actually there is:

> By integrating Smart Lock for Passwords into your Android app, you can > automatically sign users in to your app using the credentials they > have saved. Users can save both username-password credentials and > federated identity provider credentials. > > Integrate Smart Lock for Passwords into your app by using the > Credentials API to retrieve saved credentials on sign-in. Use > successfully retrieved credentials to sign the user in, or use the > Credentials API to rapidly on-board new users by partially completing > your app's sign in or sign up form. Prompt users after sign-in or > sign-up to store their credentials for future automatic > authentication.

https://developers.google.com/identity/smartlock-passwords/android/

Solution 3 - Android

Expanding upon @DJPlayer's answer:

Some relevant articles. The third includes a github app that demonstrates using the keystore provider to generate keys and then encrypt strings.

Also see Android Storage Options for ways to store the encrypted password - my recommendation is Shared Preferences.

Note that according to the second article with root access and a bit of knowledge of how your app uses the keystore (which might be obtainable from decompiling your apk), it's possible to hijack the private key and use it to decrypt encrypted material (ex: the persisted password)

Solution 4 - Android

http://developer.android.com/reference/android/security/KeyChain.html

Keychain for OS 4.0

Categories
Recommended Android Solutions
Recommended Keychain Solutions

Previous Solution:

How can I prompt the user to turn on location services after user has denied their use

IosCore Location

Next Solution:

Django Local Settings

PythonDjangoSettings

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionFXbeckersView Question on Stackoverflow
Solution 1 - AndroidnmrView Answer on Stackoverflow
Solution 2 - AndroidneteinsteinView Answer on Stackoverflow
Solution 3 - AndroidStan KurdzielView Answer on Stackoverflow
Solution 4 - AndroidDJPlayerView Answer on Stackoverflow