How to secure passwords in Android Application

Many of my user开发者_JAVA技巧s have requested a password protection for various data elements in my database. Unfortunately, one of my existing features is backing up the database to a public location (SD Card) for data redundancy, so my database isn't secure.

So my question is two-fold.

1. How can I encrypt or secure a database on android?

2. How can I store user created passwords on the device in a secure, inaccessible way.

---

If you are using API version 5 or higher, you could integrate with the android.accounts.AccountManager.

---

If you store data in via the preference store this data is only accessible for your application, if the android system is valid (not rooted, etc). Every app will get a own user for access on the file system and therefor the underlying linux system will prevent the other apps from reading these data stores.

I haven't work with the preference manager yet, maybe you will find an answer on how to use it in the documentation.

If you need the passwort to loggin in to an external web app and can't simply store a hash of the password there is a special mechanism used for example for the google authentications. You log in to the web app with username password and then the web app sends a security token to your device. This token can be saved and is valid for logging in for two weeks from this device. This can only work if you control some parts of the web app you are working with.