The SharedPreferences API is commonly used to permanently save small collections of key-value pairs. Data stored in a SharedPreferences object is written to a plain-text XML file. The SharedPreferences object can be declared world-readable (accessible to all apps) or private. Misuse of the SharedPreferences API can often lead to exposure of sensitive data.
Once the activity has been called, the file key.xml will be created with the provided data. This code violates several best practices.
- • The username and password are stored in clear text in /data/data/<package-name>/shared_prefs/key.xml.
- • MODE_WORLD_READABLE allows all applications to access and read the contents of key.xml.