What is the most appropriate way to store user settings in Android application?

I am creating an application which connects to the server using username/password and I would like to enable the option “Save password” so the user wouldn’t have to type the password each time the application starts.

In general SharedPreferences are your best bet for storing preferences, so in general I'd recommend that approach for saving application and user settings.


The only area of concern here is what you're saving. Passwords are always a tricky thing to store, and I'd be particularly wary of storing them as clear text. The Android architecture is such that your application's SharedPreferences are sandboxed to prevent other applications from being able to access the values so there's some security there, but physical access to a phone could potentially allow access to the values.


If possible I'd consider modifying the server to use a negotiated token for providing access, something like OAuth. Alternatively you may need to construct some sort of cryptographic store, though that's non-trivial. At the very least, make sure you're encrypting the password before writing it to disk.