Using android security KeyChain [closed]

Question

Closed. This question needs to be more focused. It is not currently accepting answers.

---

Want to improve this question? Update the question so it focuses on one problem only by editing this post.

Closed 2 years ago.

Improve this question

For example I need to save important data (passwords, token's, & etc.) on the device. The encrypted or not encrypted data. Will I need android.security KeyChain for secure data storage? If the user of the device will root his device, will the data Keychain invulnerable? What advise to use for data security?

Answer 1

This is a very broad question. Perhaps a community wiki exists already with an answer for it. Anyways, here is a collection of resources related to secure storage in Android that should be helpful:

• Android training: http://developer.android.com/training/articles/security-tips.html
• Credential storage API: http://nelenkov.blogspot.jp/2012/05/storing-application-secrets-in-androids.html and http://nelenkov.blogspot.no/2013/08/credential-storage-enhancements-android-43.html
  • http://developer.android.com/samples/BasicAndroidKeyStore/index.html
• You can use the Account Manager for accounts and add features and properties to it to keep custom data:
  
  • http://developer.android.com/training/sync-adapters/creating-authenticator.html
  • http://developer.android.com/reference/android/accounts/AccountManager.html
  • https://github.com/android/platform_development/tree/master/samples/SampleSyncAdapter
  • http://nelenkov.blogspot.no/2012/11/sso-using-account-manager.html
  • http://udinic.wordpress.com/2013/04/24/write-your-own-android-authenticator/
  • https://groups.google.com/forum/#!topic/android-developers/Vubkbfqimm8
• In general you should check out Nikolay Elenkov's blog with lot's of good articles on Android and security: http://nelenkov.blogspot.no/

Answer 2

While this question is too broad, I would like to say my 2 cents.

Anything with Personal Identifiable Information (PII) that you wish to save in your Android device should be encrypted, else it is susceptible to being sniffed, intercepted or read by anyone. It is of best practice to always encrypt sensitive data.

Android KeyChain can be used for secure data storage. You may read more about Android security with their documentation on the latest Android APIs and the recent best practice. In my mobile security experience, however, any rooted Android device will be vulnerable to different kinds of attacks. It would be best not to root your device unless you know what you are doing.