Android - restrict access with password

I'm doing an android app and a want to restrict specific part of the app to a kind of administrator (that is only for this app). The admin will push a button to access the admin part, and a password is required. My question is about the way to store the password. Do I have to store the password on like res/string or something? do you have a better idea? Thanks

I know that maybe some leaks are easy to do but my app is not something i'l开发者_C百科l spread, just for a signing app on an android smartphone, so no need to have big security, the password is just here to prevent from errors on the use of the app.

You need to create a hash function, which there is a great article about it at http://phpsec.org/articles/2005/password-hashing.html. Then you need to make sure that you store the password in the private data storage, for further protection. This should be sufficient for most purposes.

Considering that you are hardcoding the password in your app you might as well put it as plain text, since all it takes to lose all security is for one person to leak the password. Much easier then cracking a android .apk

If you want to be secure you need to confirm against a online account, and you need to be comparing hashes.

I think a more elegant way of doing this would be to use a AccountManager

Hold an encrypted version in the apps private directory. When you come to enter the password the app can encrypt it and see if it matches the one in the file.

I think that's similar to how pin numbers work on credit cards.