During setup, the app asks you to create a PIN. After entry, the app *encrypts* it and saves it in the shared_prefs directory. 1. It shouldn’t be encrypted at all - that’s a really poor design.
Isn’t the PIN supposed to be a secret? Why would it be bad to encrypt it?
It’s a pin, why would you store it at all? Why would you put a password on your password and store it?
edit: Just for those who don’t do software development: it’s considered generally bad practice to store the plain text of a password (encrypted or not).
The correct approach is to run the password through a one-way hash algorithm and store the result. The hash algorithm always produces the same result for any given password, but it is very difficult to do the reverse and figure out what password was used to generate a given result.
So you store the result on your side, and when the user submits a password you run it through the same one-way hash algo and compare the result with the one you have on file. If they match, the password is correct.
Any developer who has ever made baby’s first Login should know this stuff; it’s very basic web development.
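The hash-and-compare scheme described in the comment above, written out as an added example (not code from the app or from anyone in this thread). It assumes PBKDF2-HMAC-SHA256 with a random per-PIN salt, a hypothetical iteration count, and a constant-time comparison for the check:

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000   # work factor; assumed value, tune to the device's speed
SALT_BYTES = 16


def make_pin_record(pin: str, salt: Optional[bytes] = None,
                    iterations: int = ITERATIONS) -> str:
    """Derive a salted hash of the PIN and pack it as
    'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>' for storage.
    The PIN itself is never written anywhere."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)   # fresh random salt per stored PIN
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_pin(pin: str, record: str) -> bool:
    """Re-run the same derivation with the stored salt and parameters and
    compare in constant time, so a wrong guess cannot be told apart by timing."""
    try:
        algo, iters, salt_hex, hash_hex = record.split("$")
        iterations = int(iters)
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False                    # malformed or tampered record
    if algo != "pbkdf2_sha256" or iterations < 1:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(digest.hex(), hash_hex)


if __name__ == "__main__":
    stored = make_pin_record("4821")    # constructed sample PIN
    print(stored)
    print(verify_pin("4821", stored))   # True
    print(verify_pin("4822", stored))   # False
```

The hash stops the PIN from being read back out of shared_prefs directly, but a 4-digit PIN has only 10,000 possible values, so on-device storage of even a salted, slow hash still needs attempt limiting or a hardware-backed keystore to be sound.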
Not really following this one:
Isn’t the PIN supposed to be a secret? Why would it be bad to encrypt it?
There is no point to this.