
Android Application First Run

In my application, I store sensitive user data (like bank details) and the user can lock each of the details by using a separate password. I want the user to set a master password

Solution 1:

I have also tried to figure out if there is a "fresh install" boolean, but it seems there is nothing like that, so you should go for a shared preference, like the folk did here.

PS: By the way, it's a duplicate of that question.

PS2: Keep in mind, if the user deletes all the stored information of your application, the check will also be erased and thus you'll be able to enter this again.

How to improve your information security:

  1. Store the user's information along with some control bytes (a random number, a specific string, whatever) and encrypt this with the user's password.
  2. Anytime you need the user's information, grab that file and try to decrypt its content with the user's password (asked each time).
  3. Check for the control bytes (a substr() will suffice, probably). If they're the same, then grab the information. If they're not, prompt again.

This way, you get some benefits:

  • You don't store the user's password anywhere. SharedPreferences won't store this, just the "firstTime" variable.
  • If the user dumps the application's information, putting again a password won't reduce your information.
  • Opening that file from an explorer will only show a bunch of numbers, symbols and probably non-readable bytes that will mostly break the editor.

Solution 2:

And thus the disadvantage of single pass authentication. If a malicious user manages to get/change the password, no mechanism you put in place will stop them. If the information really is that sensitive, you may want to enable a second authentication mechanism (security question, email confirmation, etc.).

Solution 3:

The best way is to probably set a receiver upon install.

<receiver android:name=".CLASSNAME">
    <intent-filter>
        <action android:name="com.android.vending.INSTALL_REFERRER" />
    </intent-filter>
</receiver>

(You will need to create a BroadcastReceiver extended class called "CLASSNAME" for it to pick up the broadcast, in case you were not familiar with these.)

Also, install referrer will not work unless it's out on the market, so you may follow this Stack Overflow answer in simulating a fake install: How to test android referral tracking?

Best of luck.
