How safe is Internal Storage?

2018-06-04 14:22:11

What I need:

For Android: I need to save data permanently, but also be able to edit (and obviously read) it. This data should NOT be accessible by the user - it can contain things like a highscore, which must not be edited by the user.

My Problem

I would have (and have already) used Internal Storage , but I´m not sure how safe it actually is. Here it says:

You can save files directly on the device's internal storage. By default, files saved to the internal storage are private to your application and other applications cannot access them (nor can the user). When the user uninstalls your application, these files are removed.

That´s basicly exactly what I need - but is it really safe? Can it be accessed (maybe only read?) through a rooted device? (Or any other way?)

What about SQLite-Databases or Shared Memory? Are they better suited for saving (small amounts of) data?

Also: is it generally recommended to handle "secret" data in a different way internally? (like not saving it (internally) as Integer/String but some kind of encrypted)

Can it be accessed (maybe only read?) through a rooted device?

It can be read from and written to.

it can contain things like a highscore, which must not be edited by the user.

It is the user's data, not yours. It is the user's device, not yours. Hence, the user can edit that data if the user wants, so long as their data is stored on their device.

Now, if you wanted to prevent somebody else from editing that data, then encryption, with a user-supplied password, is a reasonable measure. That would seem unnecessary for a game high score.

Otherwise, if you do not want them editing that data, do not store it on their device.

Using SharedPreferences is what you may want. It saves data in an XML file deep in the caverns of the /data/ directory. The user or other apps can't get there unless the phone has root permissions.

http://developer.android.com/reference/android/content/SharedPreferences.html

No it's not safe, user can modify files on rooted devices and emulator. It's better to use Encryption, but encryption is not 100% safe, In fact experienced geeks can crack your encryption. I suggest saving critical data which should not accessed or manipulate by user on your webserver not on user's devices.

链接地址: http://www.djcxy.com/p/14914.html

上一篇: 什么是最好的方式来洗牌NSMutableArray？

下一篇: 内部存储的安全性如何？