CSI-KJSCE / CSI-KJSCEOfficial

CSI-KJSCE's official android application
MIT License

LoginActivity #6

Closed harshitshah4 closed 6 years ago

harshitshah4 commented 6 years ago

It is bad practice to store users' credentials in Shared preferences because generally they are simple XML files and are not meant to store sensitive data. Some user with root privileges can change the credentials and can act as another user on your app.

sziraqui commented 6 years ago

You are right to say that storing sensitive data in SharedPreferences is a bad practice. But regarding manipulation of credentials, well, we are not storing any. Email id is stored, but as you can see in the onStart() method, we update email id from the sign-in result every time the app is launched. So even if someone with root access modifies email id, it will be updated from the sign-in result at next app start. So email id is always correctly stored and updated regardless of rare manipulations. (If you have a rooted device, modify email id in the preferences file and start the app; you will see your modifications of email id had no effect.) Moreover, in the current version of the app, email id is not used to perform any user-specific task, which makes it not so sensitive data. Check Todos for features that may be affected by temporary modification of email id. Thanks for reviewing!

Closed #6