Shared Preferences

The SharedPreferences API is commonly used to permanently save small collections of key-value pairs. Data stored in a SharedPreferences object is written to a plain-text XML file. The SharedPreferences object can be declared world-readable (accessible to all apps) or private. Misuse of the SharedPreferences API can often lead to exposure of sensitive data.

Once the activity has been called, the file key.xml will be created with the provided data. This code violates several best practices.

  • The username and password are stored in clear text in /data/data/<package-name>/shared_prefs/key.xml.
  • MODE_WORLD_READABLE allows all applications to access and read the contents of key.xml.

Please note that MODE_WORLD_READABLE and MODE_WORLD_WRITEABLE were deprecated starting on API level 17. Although newer devices may not be affected by this, applications compiled with an android:targetSdkVersion value less than 17 may be affected if they run on an OS version that was released before Android 4.2 (API level 17).
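
The two issues listed above can be checked on a copy of an app's shared_prefs directory. The following audit script is an added example, not code from the original page; the function names, the key-name hint list and the sample key.xml contents are assumptions constructed for illustration.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Assumed heuristic: key names that suggest credentials.
SENSITIVE_HINTS = ("user", "pass", "pwd", "secret", "token")

# Constructed sample in the SharedPreferences on-disk XML format.
SAMPLE_XML = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="username">administrator</string>
    <string name="password">supersecret</string>
    <boolean name="first_run" value="false" />
</map>
"""

def write_sample(directory, mode):
    """Write the constructed key.xml and set its permission bits."""
    path = os.path.join(directory, "key.xml")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(SAMPLE_XML)
    os.chmod(path, mode)
    return path

def audit_prefs(path):
    """Return findings for one shared_prefs XML file."""
    findings = []
    mode = os.stat(path).st_mode
    if mode & stat.S_IROTH:   # "other" read bit, as set by MODE_WORLD_READABLE
        findings.append("world-readable")
    if mode & stat.S_IWOTH:   # "other" write bit, as set by MODE_WORLD_WRITEABLE
        findings.append("world-writable")
    for entry in ET.parse(path).getroot():   # children of <map>
        name = entry.get("name", "")
        # <string> stores its value as element text; other types use value="..."
        value = entry.text if entry.tag == "string" else entry.get("value")
        if value and any(h in name.lower() for h in SENSITIVE_HINTS):
            findings.append(f"cleartext value for '{name}'")
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # 0o664 models a world-readable file, 0o660 a private one.
        for mode in (0o664, 0o660):
            print(oct(mode), audit_prefs(write_sample(tmp, mode)))
```

The permission check is only meaningful if the copy preserves the device's file modes.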