How to store refresh token safely on Android Mobile

I need to use a REST API for accessing data. The REST API uses a username and password for the initial authentication and then generates an access token and a refresh token, which are forwarded to the Android client. The refresh token is used so that the user does not have to log in every day, and it can be used to renew the (short-lived) access token periodically.

My only concern is: if the phone is rooted and someone gets access to the refresh token, either from shared preferences or the SQL DB --> they can keep on generating access tokens with the help of the refresh token and attack the server.

Is there a better way I can handle this situation? I don't want the user to log in every time he opens the app.

Deleted User

Difficult to stop. I would implement something on the server side to detect repeated or excessive uses of the token, and take measures to deny service to the sender.
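One way to implement the server-side detection suggested above, as an added example that is not code from the thread or from any particular API: each refresh call rotates the refresh token, presenting an already-rotated token (a copy extracted from the device) revokes the whole token family, and more than a fixed number of refreshes per window is treated as excessive use and also revoked. The limits, the in-memory store and the token format are assumptions for illustration.

```python
import secrets
import time
from dataclasses import dataclass, field

REFRESH_RATE_LIMIT = 5        # assumed: max refreshes per family per window
RATE_WINDOW_SECONDS = 600     # assumed: sliding window length


@dataclass
class TokenFamily:
    user: str
    current: str                           # the only refresh token still valid
    revoked: bool = False
    refresh_times: list = field(default_factory=list)


class TokenServer:
    """Minimal refresh endpoint with rotation, reuse detection and rate limit."""

    def __init__(self, now=time.time):
        self.now = now                      # injectable clock for testing
        self.families = {}                  # family_id -> TokenFamily
        self.token_index = {}               # every refresh token ever issued -> family_id

    def login(self, user):
        fam_id = secrets.token_urlsafe(8)
        rt = secrets.token_urlsafe(32)
        self.families[fam_id] = TokenFamily(user, rt)
        self.token_index[rt] = fam_id
        return {"access": self._access(user), "refresh": rt}

    def refresh(self, rt):
        fam_id = self.token_index.get(rt)
        if fam_id is None:
            return None                     # unknown token
        fam = self.families[fam_id]
        if fam.revoked:
            return None                     # family already denied service
        if rt != fam.current:
            fam.revoked = True              # old token reused: a copy exists, kill the family
            return None
        t = self.now()
        fam.refresh_times = [x for x in fam.refresh_times if t - x < RATE_WINDOW_SECONDS]
        if len(fam.refresh_times) >= REFRESH_RATE_LIMIT:
            fam.revoked = True              # excessive use: force a fresh login
            return None
        fam.refresh_times.append(t)
        fam.current = secrets.token_urlsafe(32)
        self.token_index[fam.current] = fam_id   # old token stays indexed so reuse is detectable
        return {"access": self._access(fam.user), "refresh": fam.current}

    def _access(self, user):
        return f"access-{user}-{secrets.token_hex(4)}"   # stand-in for a short-lived token
```

A revoked family forces the legitimate user to log in again, which is the signal that something on the device leaked the token.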
 

Jiten Shah

> Difficult to stop. I would implement something on the server side to detect repeated or excessive uses of the token, and take measures to deny service to the sender.

Thank you LV426. So, I can go with my approach of storing the access token and refresh token on the Android mobile and also implement server-side intelligence to detect repeated or excessive use?