My Android application uses a secret key to generate a token for authentication purposes. Is there a more secure way to store this than just putting this in the data store? I think for the iPhone, we store it in the keychain. I am aware of android.accounts.AccountManager, but this seems to give other applications potentially the ability to access the password (if the user selects the wrong option) and so seems less secure.
My Android application uses a secret key to generate a token for authentication purposes.
Share
Android (unfortunately) does not provide a way to do so. The approach I’ve used before is to encrypt this token with another key generated within the app.
Your app key can be algorithmically generated. This, however, is only as secure as your algorithm. Once that is known this is equivalent to storing the token in plain text.