Using the Android Keystore system to store and retrieve sensitive information

Josias Sena
5 min read, Feb 12, 2017

I'd like to take a moment to discuss how we can take advantage of the Android Keystore to store passwords or any other sensitive data: encrypt the data, and then decrypt it right back.

Let's clear some things up about the Android Keystore system before we begin. The keystore is not only for passwords; it can protect any sensitive data, and it does so in a way that makes it much more difficult for attackers or malicious/unauthorized software to extract that information from us.

The Android Keystore system lets you store cryptographic keys in a container to make it more difficult to extract from the device. Once keys are in the keystore, they can be used for cryptographic operations with the key material remaining non-exportable. Moreover, it offers facilities to restrict when and how keys can be used, such as requiring user authentication for key use or restricting keys to be used only in certain cryptographic modes.

— The Google docs

An application can only edit, save, and retrieve its own keys. The concept is pretty simple, yet powerful. The app would generate or receive a private-public key pair, which would then be stored in the Android Keystore system. The public key can then be used to encrypt application secrets…
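Here is a small wrapper that puts the flow just described into working code. It is an added example written for this article, not code from the original post: it generates an RSA key pair inside the Android Keystore under a fixed alias the first time it runs, encrypts with the public key, and decrypts with the private key, which never leaves the keystore. The class name, the alias `example.secret.vault`, and the method names are assumptions chosen for the illustration; the APIs (`KeyGenParameterSpec`, `KeyProperties`, the `AndroidKeyStore` provider) are the platform's own and require API 23 or later.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import android.util.Base64;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;

import javax.crypto.Cipher;

/**
 * Hypothetical helper (not from the original article) around the Android Keystore.
 * Generates an RSA key pair once under a fixed alias, encrypts with the public key
 * and decrypts with the private key, which stays non-exportable inside the keystore.
 */
public final class KeystoreSecretVault {

    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    // Constructed alias; any app-specific string works, and it is private to this app.
    private static final String KEY_ALIAS = "example.secret.vault";
    // OAEP rather than PKCS#1 v1.5: v1.5 encryption padding is exposed to padding-oracle attacks.
    private static final String TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    private final KeyStore keyStore;

    public KeystoreSecretVault() throws GeneralSecurityException, IOException {
        keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
        keyStore.load(null); // the Android provider takes no input stream or password
        if (!keyStore.containsAlias(KEY_ALIAS)) {
            generateKeyPair();
        }
    }

    /** Create the key pair inside the keystore; the private key material is never exported. */
    private void generateKeyPair() throws GeneralSecurityException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_RSA, ANDROID_KEYSTORE);
        generator.initialize(new KeyGenParameterSpec.Builder(KEY_ALIAS,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setKeySize(2048)
                // SHA-1 is authorized alongside SHA-256 because older keystore builds
                // use SHA-1 for the OAEP MGF1 mask even under this transformation name.
                .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA1)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
                .build());
        generator.generateKeyPair();
    }

    /** Encrypts a short secret (at most 190 bytes for RSA-2048 with OAEP/SHA-256) to Base64. */
    public String encrypt(String plaintext) throws GeneralSecurityException {
        PublicKey publicKey = keyStore.getCertificate(KEY_ALIAS).getPublicKey();
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        byte[] ciphertext = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        return Base64.encodeToString(ciphertext, Base64.NO_WRAP);
    }

    /** Decrypts Base64 output of encrypt(); the RSA private-key operation runs inside the keystore. */
    public String decrypt(String base64Ciphertext) throws GeneralSecurityException {
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(KEY_ALIAS, null);
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        byte[] plaintext = cipher.doFinal(Base64.decode(base64Ciphertext, Base64.NO_WRAP));
        return new String(plaintext, StandardCharsets.UTF_8);
    }

    /** Deletes the key pair; every ciphertext produced with it becomes unrecoverable. */
    public void deleteKey() throws GeneralSecurityException {
        keyStore.deleteEntry(KEY_ALIAS);
    }
}
```

Two points worth checking in your own code: RSA can only encrypt a payload smaller than the modulus minus the OAEP overhead, so for anything larger than a short password or token, encrypt the data with an AES key and use the keystore RSA key only to wrap that AES key; and keep encryption and decryption on the same keystore key, because a ciphertext produced elsewhere with a different MGF1 digest will fail to decrypt on older releases.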
