Android: Encrypt password

upv · Jun 15, 2011 · Viewed 25.6k times

Possible Duplicate:
Storing a password

I am using shared preferences to store a password. Is it secure to save the password data as it is, or do I have to encrypt it before saving it? Please help me with sample code.

Thanks in Advance,

Answer

Felix · Jun 15, 2011

Short answer: it's pretty secure.

Long answer: first off, if you are creating an application that allows a user to log into a web / remote service, you might want to look into the AccountManager. It's a bit harder to learn the APIs and integrate with it, but you get some nice benefits:

  1. Simple multiple account management (all the accounts are stored in the AccountManager).
  2. Ability to add SyncAdapters (and writing them will be pretty simplified, since the AccountManager will call your adapters with the right account -- you don't have to run the sync for each account manually).
  3. Your app will appear under Settings > Accounts & sync.

Check out the Sample Sync Adapter in the docs -- it shows how to use the AccountManager (you can ignore the sync stuff if you don't need it).

Now, on to the secureness of storing the password (what follows is valid for both storing the password in SharedPreferences and in AccountManager). As long as the device on which your application is running is not rooted, it is completely secure. No other app but yours can read the password. You can't even read the password if you connect the phone to a PC using a USB cable and use adb pull to try and get the respective file.

However, if the phone is rooted, any app that gets root access can read the password. Also, adb pull works, and you can get to the password in seconds.

Because of this, encryption is recommended (especially if your web / cloud / remote service holds sensitive data). I have used SimpleCrypto in my last project (together with AccountManager) and it works pretty well. In case you're wondering, I just used a constant for the "master password". For added security, I have obfuscated the final build (check out how).