The primary focus of this chapter will be on how to make use of cryptography properly to store data securely on a device. We start with creating a consistent cryptography foundation by including our own encryption implementation libraries to give support to stronger encryption algorithms on older devices.
One of the straightforward items to tackle is the generation of symmetric encryption keys; however, the default settings are not always more secure. We look at the specific parameters to ensure the strongest encryption and review a common antipattern and OS bug that limits the security of the generated keys.
Then, we look at several ways in which we can securely store encryption keys using third-party libraries or a system service called the Android KeyStore that was introduced in Android 4.3. Going further, we learn how to avoid storing the key on the device altogether using a key derivation function to generate a key from the user's password or pin code.
We'll cover how to...