Reputation: 338
I want to store some sensitive data in an Android app. I know I am able to store it in SharedPreferences or put the data in SQLite. But if the user roots the app, then he will be able to get the data. I also know that I could encrypt the data and store it in the same places. But I do want to know if Android by default has some mechanism like that of iOS using the keychain, so I can store it in a keychain. I am not sure if somebody has asked the same question. If yes, please redirect me.
Upvotes: 2
Views: 771
Reputation: 100
I think that a good idea is to use the Android Keystore to "securely" store your key and then use it to encrypt/decrypt your data.
It's always better to find a solution inside the Android framework without using a library for everything.
See this link for more info.
If you want to use a more sophisticated and "secure" way to encrypt/decrypt data, you could think about storing your keys on a remote server, but this depends on what your application does.
UPDATE NOTE: you can securely store your data only by using secure elements such as a SIM card (see this). You can even use the TEE technology, which is something more secure than the filesystem but less secure than a SIM, to store secure objects on your device. This technology is not available on all devices.
Upvotes: 0
Reputation: 5573
There is a library made by Duncan which you can find on GitHub (JNCryptor) and should be useful for you. This is compatible with the RNCryptor project for iOS.
This may work for you on Android, or at least you can see how the code works and adapt it as necessary.
Take a look at this question (where I found the library), which is not the same as what you're asking, but could help.
Upvotes: 1