Data storage in Android

Data storage is a very important feature when building Android applications. Android OS comes with the following mechanisms that enable developers to save an app’s data[1]:

  • Databases: SQLite database
  • Files
  • Preferences
  • Internal or removable storage

In all cases, as a developer you need to pay attention to the security implications when your app handles sensitive user information:

With an SQLite database, you may have heard about SQL injection attacks[2], where parts of an SQL query or command are built from the user’s raw input. Files, Preferences and Internal/External Storage each come with different options that serve different purposes for saving data (for example, sensitive data should never be stored in public places such as the Downloads folder or an external SD card). Misuse of these options results in vulnerable apps that expose the user’s sensitive information to malicious third-party applications. Therefore, developers should be careful when applying these mechanisms in their applications. In the next posts, I will share more details on each particular mechanism (SQLite database, Files, Preferences and Internal/External Storage).
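The SQL injection risk described above, shown as a vulnerable query beside its hardened form. This is an added example, not code from the original post; the `NoteStore` class and the `notes` table with `owner` and `body` columns are hypothetical.

```java
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;

import java.util.ArrayList;
import java.util.List;

/** Hypothetical helper: a table "notes" with columns "owner" and "body" is assumed. */
public final class NoteStore {
    private final SQLiteDatabase db;

    public NoteStore(SQLiteDatabase db) {
        this.db = db;
    }

    /** Vulnerable: the user's raw input becomes part of the SQL text. */
    public List<String> findByOwnerUnsafe(String owner) {
        // Input such as  x' OR '1'='1  rewrites the WHERE clause and returns every row.
        String sql = "SELECT body FROM notes WHERE owner = '" + owner + "'";
        return readBodies(db.rawQuery(sql, null));
    }

    /** Hardened: the SQL text is constant and the input is bound to the ? placeholder. */
    public List<String> findByOwnerSafe(String owner) {
        Cursor c = db.query(
                "notes",                  // table
                new String[] {"body"},    // columns
                "owner = ?",              // selection with a placeholder
                new String[] {owner},     // bound value, always treated as data
                null, null, null);        // groupBy, having, orderBy
        return readBodies(c);
    }

    /** Collects the first column of every row and always closes the cursor. */
    private static List<String> readBodies(Cursor c) {
        List<String> out = new ArrayList<>();
        try {
            while (c.moveToNext()) {
                out.add(c.getString(0));
            }
        } finally {
            c.close();
        }
        return out;
    }
}
```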

 

[1] Data Storage in Android: Android Official Documentation

[2] SQL Injection attack: Prof. Jim Whitehead’s lecture

 
