David Guo

Reputation: 1759

Keep secret data after app removed?

I am trying to use the KeyStore to save a secret, but after the app is removed from the Android device, the keypair is also removed from the device.

Is there any way I can keep the keypair even after the app is removed? The reason I still want the keypair is that if the user re-installs the app, the keypair still exists and stays the same.

Upvotes: 3

Views: 3267

Answers (1)

pedrofb

Reputation: 39311

You could store credentials in the Android KeyChain when you want system-wide credentials. Your keys will remain in the KeyChain even if you uninstall the application. See KeyChain and Choosing Between a Keychain or the Android Keystore Provider.

The KeyChain class provides access to private keys and their corresponding certificate chains in credential storage.

...

An application can request the installation of private keys and certificates via the Intent provided by createInstallIntent(). Private keys installed via this Intent will be accessible via choosePrivateKeyAlias(Activity, KeyChainAliasCallback, String[], Principal[], Uri, String) while Certificate Authority (CA) certificates will be trusted by all applications through the default X509TrustManager.

An alternative is to store the keypair in a local file and encrypt it with a password that is requested from the user.

You could also store it this way on a server, but always encrypted, so that the server does not have access to the user's keys.

Upvotes: 3
