How to store secret key in Android?

Question

In my app I'm generating secret key based on device id + random garble. What's safiest way to store those secret key in a way that it can be easily retrieved if user will transfer data from one device to another one?

I'm talking about storing secret key in some external storage like: gmail or other server alike environment.

Answer 1

"easily transferred secret key" is an oxymoron, because the main purpose of the secret key is to be, well, impossible to guess or copy. that's why i'd recommend to generate the unique secret key on every user device and use them to encode your data stored on that particular device (and nowhere else).

when you transfer the data, you may ask the user to create the password, and encrypt transferred data with that password. and ask the user to enter the same password on the receiving device in order to decrypt the transfer and encrypt back again, but using the unique device key.