How to save secret key securely in android

Question

I just read this article http://android-developers.blogspot.in/2013/02/using-cryptography-to-store-credentials.html where I learnt to generate security key.

I want to kn

Answer 1

Root user has the permission to do anything on your android device. No matter where you save your generated key, a process running as root will be able to read it (as long as it knows where to read from). You may decide to encrypt the key before storing it, but then you have to determine where you will save the encryption key (again, if it's on the phone, root user can read it).

You may consider to ask the user of your app to provide the encryption key, and not store the encryption key on the device. However, even then it may be possible to get hold of that encryption key given enough time and effort from an attacker.

You should consider the requirements of your app, most probably, when the device is rooted your application should not provide any security guarantees to your users. After all, there is a reason why rooting your device voids the warranty.