Is SharedPreferences not accessible to other applications?

I have an app which has a user login to a webservice (username + password). I need to store the user's username and password somewhere to auto-log them in (otherwise they have to enter username + password every time).

I have stored the username + password in SharedPreferences like so:

SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
Editor editor = prefs.edit();
editor.put("username", "the username");
editor.put("password", "the password");
editor.commit();

If I understand correctly, the actual file that shared prefs writes to is not accessible fr开发者_运维知识库om other third party apps, correct? Therefore it's ok to store the username + password here?

If I hook up devices to DDMS, I cannot see the shared prefs files (good). If I use the emulator, I can see them.

Thanks

They shouldn't normally be accessible by other applications, but on a rooted device they can be accessed quite easily.

You may want to encrypt/decrypt the strings as your store and load them.

That is correct. Nevertheless, the file is a regular xml file that could be accessible by any file explorer in a rooted phone, so you should encrypt your data anyway. Never assume that the app will not be used in a rooted phone. Even if the user won't do it, the phone can always be lost/stolen and rooted to extract information.

To answer the question in your comment:

To obtain a SharedPreferences instance (either the default or any custom one) you need the Activity context, which is inaccessible by any other app.