Securing Android Application User Sessions
Android application developers grapple with implementing user sessions that provide seamless user experience without compromising on application security. Android framework provides the option to use SharedPreferences, which is an easy and efficient way to store a small amount of key-value data especially for persisting user sessions. SharedPreferences however store data as plain text and therefore not ideal while storing sensitive data such as access keys and passwords as well as Personally Identifiable Information (PII). OWASP Mobile Top 10 highlights Insecure…