I am developing an application that involves some sensitive user information. I retrieve this information via a private web API. I am trying to determine the best way to get this data into my app. Right now I’m exploring creating a content provider that can do so; my hesitation is in making it secure. I want this data to be usable only by my application. Ideally, no other apps would even know it exists.
Do you have any pointers or advice on how to do this effectively and securely?
Any info on content providers who’s data source is a remote OAuth’d API?
Edit: I say content provider, but if that isn’t the best way to do what I need, by all means let me know what else to look into.
android:exported="false" in your manifest.
Why even consider a ContentProvider? As far as I know ContentProviders are meant to share data with other applications. I would suggest writing a utility class to interface with your storage of the sensitive data, be it SQLite or whatever.