Hi all,
I have seen different android apps, like Material Files, store credentials unencrypted in their SharedPreferences.
I am no expert regarding Android security and I have mixed feelings regarding this approach. On the one hand, the credentials should still not be easy to get to due to full disk encryption and the Android Isolation model, but on the other hand it seems still less secure than using something like the Android keystore to encrypt credentials.
What are your views on this? Is this approach still acceptable?