
Where should I store authentication tokens on Android

Updated: 2023-12-01 13:55:04

In Android 4.3+ there is something called AndroidKeystore, which is roughly equivalent to the iOS keychain. Here's a good blog write-up of it and the official API sample project.

In general, if you create your shared preferences with Context.MODE_PRIVATE, they are only accessible by your application (or another app signed by your key). However, if the device is rooted, then the user and any app could potentially read your app's private shared preferences.

I helped create and maintain a library called secure-preferences to obfuscate the keys and values that are stored in the shared preferences, to make it harder for attackers and require them to reverse engineer the app (although that's not rocket science). A good alternative to secure-preferences is CWAC-prefs by Mark Murphy, which is backed by SQLCipher.