Password protected android app. Reset password function?

Question

I implemented a simple password protection for my Android app. I am storing the user defined password obfuscated in the SharedPreferences. I can restore it by unobfuscating it.

In case the user forgets the password, what would be the best way to restore access to the app? Would it be a good idea to send the password via mail and is this even possible from within an Android app?

Thx

Answer 1

Businesswise I would like to give multiple options to user, as the app would become unusable if user does not have the password.

Option 1: Provide answer to a security question (which user will need to register beforehand) and you can reset the password. For this, the solution will be coded within the app.

If Option 1 fails (user does not remember the answer)

Option 2: Ask for the email address/ login id of user and send him password reset details. Now this will need to have a webservice (to send the email address) and a database (where you will validate the email address against stored user record). This obviously means you have to create a small server side web service.

That ofcourse is ideal scenario. If you do not have bandwidth/ resources for option 2, you will have to skip that.