hi,

I use:

fOut = thecontext.openFileOutput(filename, Context.MODE_PRIVATE);

Does the private mean that unless you have the phone and are the user of the phone or otherwise got your hand on it, that no program can read the file I'm writing?

I.e no installed program could request any permission to read a file marked by my program as private?

Mike

In the android environment all files are created in MODE_PRIVATE!

Each application is run by its own user: any files created by an application can only be accessed by that particular application. Setting MODE_PRIVATE to the file is simply an option available as you can set files to be public-accessible.

However, if a user has root access to their phone they can CHMOD or simply pull the file off of the device. From an applications perspective, this is unlikely to happen as they would have to know the package namespace (com.google.etc.yourapplication) of another application as well as have the proper system access to change file permissions for which it does not have access - which is a permission reserved for ROOT and I believe applications are run as regular users and not root users.

thanks for answer. I'm saving a simple user name and password in a private file. this is not a highly sensitive password, no money or private data associated with it, just a server password to play games. private sounds OK for now. I wouldn't want to leave it wide open, as if any compromise, like its known my android program leaves passwords wide open, and people have their gaming accounts logged into, well the server admins might not take kindly to that. Down the road i might try encryption. I don't have a particularly large user base or visibility just yet anyway. Key thing is i wanted to know that i had taken some steps to make getting this info non-trivial, assuming any happened on a chance to get access to anyone android phone in the first place.

Mike