Many Android apps have users. They log in, they own credentials,
and unfortunately, their credentials are compromised.
The right way to store credentials in Android is using AccountManager.
* Lets the OS handle securing your credentials
* Supports multiple accounts if needed
* Allows sharing credentials across apps from the same publisher (keystore)
* Holds credentials after clear data
* Keeps credentials secure, even on rooted devices (unlike SharedPreferences, hidden files or a database)
How it works:
AccountManager gives you access to account data (key-value).
Accounts have a type (company identifier) and can be fetched by type.
Your access token should be saved using the AccountManager.
Step 1: Declare your account in res/xml
Step 2: Declare account permissions, authentication service and login activity
Step 3: Declare your authenticator service. can be reached from
Step 4: Declare your CompanyAuthenticator
addAccount() allows adding an account from phone Settings > Accounts > New.
getAuthToken() returns our token.
* There are more options there. Look at my GitHub for more.
Step 5: Add account to account manager after login
* I always create the account with a token. It's not mandatory, but it simplifies everything a lot.
Protect your users by using AccountManager to save your access tokens.
To speed things up, you can load your credentials into RAM by reading them only once from the account manager.
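
A sketch of Step 5 together with the read-once caching described above. This is an added example, not code from the original post or the author's GitHub project. The class name `TokenStore`, the account type `com.example.company` and the token type `access` are assumptions; the account type has to match the one declared in Step 1.

```java
import android.accounts.Account;
import android.accounts.AccountManager;
import android.content.Context;

/** Hypothetical helper: stores and reads the access token through AccountManager. */
public final class TokenStore {
    // Assumed values: ACCOUNT_TYPE must match the accountType declared in res/xml.
    private static final String ACCOUNT_TYPE = "com.example.company";
    private static final String TOKEN_TYPE = "access";

    private final AccountManager accountManager;
    private volatile String cachedToken; // in-memory copy, filled on first read

    public TokenStore(Context context) {
        accountManager = AccountManager.get(context.getApplicationContext());
    }

    /** Step 5: call after a successful login. */
    public void saveLogin(String userName, String accessToken) {
        Account account = new Account(userName, ACCOUNT_TYPE);
        // Choice made in this example: password stays null, only the token is stored.
        // addAccountExplicitly returns false if the account already exists;
        // the token is refreshed in either case.
        accountManager.addAccountExplicitly(account, null, null);
        accountManager.setAuthToken(account, TOKEN_TYPE, accessToken);
        cachedToken = accessToken;
    }

    /** Returns the token, or null when no account of our type exists. */
    public String getToken() {
        String token = cachedToken;
        if (token != null) return token;
        Account[] accounts = accountManager.getAccountsByType(ACCOUNT_TYPE);
        if (accounts.length == 0) return null;
        // Simplification: single-account app, so the first account is used.
        // peekAuthToken reads the stored token without invoking the authenticator.
        token = accountManager.peekAuthToken(accounts[0], TOKEN_TYPE);
        cachedToken = token;
        return token;
    }

    /** Logout or a token rejected by the server: drop it from both places. */
    public void invalidate() {
        String token = getToken();
        if (token != null) accountManager.invalidateAuthToken(ACCOUNT_TYPE, token);
        cachedToken = null;
    }
}
```

Calling `invalidate()` whenever the server rejects the token keeps the cached copy from outliving the stored one.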
Take a look at my GitHub project for more details.
Good luck ❤