Storing a secret key on Android

My Android application uses a secret key to generate a token for authentication purposes. Is there a more secure way to store this than just putting this in the data store? I think for the iPhone, we store it in the keychain. I am aware of android.accounts.AccountManager, but this seems to give other applications potentially the ability to access the password (if the user selects the wrong option) and so seems less secure.

  • Android application as a service without activity
  • Watch for changes in external USB storage for Honeycomb or later Android versions
  • Release resources in onPause instead of onDestroy
  • hide scrollview stick android
  • Remove shadow below actionbar
  • How does android compare pending intents
  • Related posts:

    CollapsingToolbarLayout setTitle() does not update unless collapsed
    Android Download Multiple Files and show progress in ListView
    Android NDK: Aborting stop?
    Detect Android app upgrade and set Application class boolean for show/hide of EULA
    Send Command to Bluetooth from Android device
    Refactoring package name breaks entire app
  • how to find the position of item in a AutoCompletetextview filled with Array
  • Android Circular Gradient Alpha Mask
  • Detecting a long press with Android
  • Difference between onKey(), OnKeyDown() and dispatchKeyEvent() methods provided by Android?
  • Mediaplayer progress update to seekbar not smooth?
  • How to rename a file on sdcard with Android application?
  • 4 Solutions collect form web for “Storing a secret key on Android”

    Android (unfortunately) does not provide a way to do so. The approach I’ve used before is to encrypt this token with another key generated within the app.

    Your app key can be algorithmically generated. This, however, is only as secure as your algorithm. Once that is known this is equivalent to storing the token in plain text.

    You can store the key in the Preferences of your App. This will protect the key from getting read by other applications because of the underlying file system restrictions of the Android system.

    But this won’t protect the key from being read by the user itself.

    if you can run apk tool then its in debug and you are going to root the device. There isn’t any more protection on the keychain in iOS when its jailbroken

    You can store secret data by encrypting it with a key generated by Android Keystore System and then storing the result whether you like.

    Android Babe is a Google Android Fan, All about Android Phones, Android Wear, Android Dev and Android Games Apps and so on.