I want to store some small but critical piece of information such as AES keys in my Android application. What would be the recommended way to do this? I do not want to hardcode keys as part of my application.
I look at KeyStore but it does not really solve my problem. It can store my keys given that I can provide a password. Then I need to find a secure place to store this password which is same as my original problem.
Is there a built in Android class to perform this task? Or should I look for third party libraries? Using NDK is also acceptable for me.
I was hoping to find an Android API for storage such that guarantees that only the application that stored some information can retrieve it back. Android OS could have enforced this based on signing signatures of the application. This way my application can generate a random key on first run and store it in secure storage for later use. Are there any API for this?
Is there a built in Android class to perform this task?
Or should I look for third party libraries?
You can try, but I suspect most will look like the solution you already rejected. Most secure data stores involve passwords and assume the passwords are held elsewhere (e.g., in a user's head). For example, OI Safe has an Intent-based system of allowing applications to store stuff in the safe, but then the user is involved in unlocking the safe, IIRC.