Shared Preferences are stored as a file in the filesystem on the device. They are, by default, stored within the app's data directory with filesystem premissions set that only allow the UID that the specific application runs with to access them. So, they are private in so much as Linux file permissions restrict access to them, the same as on any Linux/Unix system.
Anyone with root level access to the device will be able to see them, as root has access to everything on the filesystem. Also, any application that runs with the same UID as the creating app would be able to access them (this is not usually done and you need to take specific action to make two apps runs with the same UID, so this is probably not a big concern). Finally, if someone was able to mount your device's filesystem without using the installed Android OS, they could also bypass the permissions that restrict access.
If you're concerned about such access to your preferences (or any data written by your application), then you will want to encrypt it. If you are that concerned about them, you're going to need to figure out exactly how much protection is necessary for the level of risk you see. There is a very extensive discussion about this in Application Security for the Android Platform, just published in December 2011 (disclaimer: I'm the author of this book).
SharedPreferences are nothing but XML files in your phones /data/data/ folder,So any application or user with superuser privilages on a rooted device can access your SharedPreferences, even if they were created with MODE_PRIV
Still there is a way to protect it from everybody... Please checkout this link. Here you can store data in pref with encryption,the class is self explanatory and very easy to use.
https://github.com/yuxiaohui78/encrypted-userprefs
2523
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
