Where to store large application data on android devices?

I’m currently facing a problem where I should store my object structure on the android device.

The usecase: I’m starting a call to an applicationserver (with the great help of AsyncTask), get a well known response (xml-response) from the server, parse the data and transform it finally into my object structure (highly complex class diagram with many associations between the classes). So far it’s working, thanks to the great XMLPullParser ๐Ÿ˜‰
I’m wondering where to store (and of course share) the fetched data between my activities… I already know that I can use sqlite, but I do not have an or-mapper (like hibernate in the j2ee environment). I’m also not allowed to store this sensitive data on the device (in sqlite or file system), so my first approach was to store this data in a singleton (which is of cource being held in memory…). But what happens when system is getting on low memory, can android “destroy” the data stored in my singleton? I already read about extending the android.app.Application class… So what is the best way to securely store object data (called from “webservice”) on android devices?

BTW: Android development is that cool! We are currently porting a Windows Mobile 6.5 App to Android and iPhone, and my colleague (reponsible for iPhone-dev) is complaining all the time^^

Answer

Regarding an OR mapper, I came across OrmLite the other day. It is a general ORM tool for Java, but it also has some special adaptations that makes it work for Android. I haven’t had time to test it myself yet, but it looks promising ๐Ÿ™‚

As for storing sensitive data on the phone, you really don’t have the option of storing it only in memory (using some kind of singleton as you suggested). As soon as your application goes to the background, it can be killed instantaneously, so you have to persist what data you want to keep in some way. That being said, if you save data to Internal Storage, this will not be available for any other app on the phone (given that the phone is not rooted, because if is rooted this is easy to get around). I do believe that this same goes for data you store using SQLite, but I’m not 100% certain, so I won’t guarantee it.

But basically, if you are sure that your app will only run on non-rooted devices, you should be pretty safe saving your data to Internal Storage. And if that isn’t good enough, there there is the javax.crypto package, but I’ve never used that so I can’t really say anything about it.