Security with SharedPreferences

Question

I am developing an application in which I have to store very sensitive data and it should not come in contact with the user. I got to know from this source that if a device

Answer 1

SharedPreferences are eventually stored on an XML file in the application folder under /data/data/... - this path should be private and is not accessible on an un-rooted Android device running stock firmware, either by another application or by the user directly. It is however possible to root the device and then simply access this folder with UID 0, or even change the permissions.

So to your question:

So is there any method to protect my SharedPreferences from being accessed from anywhere

From the application's point of view it is not possible to modify how your application's private files are stored or protect them in any way as this is a filesystem setting and handled by the OS.

Or better still if some one can advise safer data storage option

The only solution at hand is to encrypt the data prior to storing it, whether it be using SharedPreferences or even using a local SQLite database. You might also consider using this library which provides transparent, 256-bit AES encryption of SQLite database files. Also bear in mind that your APK can be decompiled, so be mindful about encryption keys in your code.

One final note - The Android emulator acts as a rooted device by default, so if you want to peek around using ADB without having to root your device, you could definitely do that quite easily.

Cheers.