Android application back end design

Congrats to W. Frank Ableson, Robi Sen, and Chris King on your new book.

I have the following questions on the Android app back end design. It will be great if you can share your views.

- What is the best way to encrypt the data we store in an Android application. For instance as part of the application, we may have to save OAUTH based access tokens of third party sites (Google, Twitter etc.). Can encryption be used with SQLLite, if yes, can you please suggest the open source tools for the same.
- I am developing a simple application, where in I have to run multiple async tasks to communicate with the server. During the asynchronous task executions, I am running into some threading issues. What are the design guide lines for developing Async tasks. Also should I be using services instead of tasks?
- From what I have read, Android doesnt provide filters for ListView. Are there any design guidelines for optimal filtering?
- What special care should be taken for form fields on orientation changes (Landscape to Portrait, vice versa)

Regds,
-Raj

What is the best way to encrypt the data we store in an Android application. For instance as part of the application, we may have to save OAUTH based access tokens of third party sites (Google, Twitter etc.).

What are you trying to guard against? In other words, what is the attack scenario you're trying to address?

I am running into some threading issues.

What issues are those?

From what I have read, Android doesnt provide filters for ListView.

Does this help? http://stackoverflow.com/questions/1737009/how-to-make-a-nice-looking-listview-filter-on-android

What special care should be taken for form fields on orientation changes (Landscape to Portrait, vice versa)

Besides having two layouts (in the layout and layout-land directories), you should implement the onRetainNonConfigurationInstance and onRestoreInstanceState methods in your activity in order to save and restore any data your activity needs.

Thanks for the quick response.

If I understand correctly, SQLLite data on phone can be accessed by anyone who has access to the device. I am looking at guarding scenarios where the mobile is lost. In these cases also access tokens shouldnt be viewable to others. If we have encryption, we will be safe that the data doesnt make sense to others.

I will check the link on list view related link.

Regds,
-Raj

For encrypting data on the SQL DB it depends on what you want to do. If it is just passwords and such simple hash mechanisms might be best. If your really concerned about a shared device then you want a secret key that the users has to type in to see their data. As for the best form of encryption this depends on use cases and there are numerous well defined standards on how to correctly implement encryption from how you see data, manage keys, transfer data etc and I would need to know a lot more about you application before I could recommend something specific.