Android Question How can I use the Android Keystore System?

Informatix

Expert
Licensed User
Longtime User
Upvote 0

gkoehn

Member
Licensed User
What exactly do you want to use it for?

It will not help you with hiding information that you want to include inside your app.

I like the idea that OliverA posted in the posting...
https://www.b4x.com/android/forum/threads/why-b4a-decompiled.91080/page-3#post-576856
He mentions only giving your app RESTful endpoints based upon the user's login.
This is something that sounds good to me, but then the user always must enter login info.

To get around this I would need to store something somewhere on the device that will make it to where he does not always need to enter his login info.
I was hoping the "Android Keystore" would do that for me in a way that I could feel was secure.
Maybe it is not worth the effort as pointed out by Informatix in the previous post.

And, as I think about it, this may not be needed.
Let's just walk through this...
1 - The user logs in.
2 - The server says "I know you" and returns, via JSON, the endpoints to use in the app.
3 - The server also will return a session id.
4 - App stores session id to device storage. <--- I wish this was encrypted because I like things secure.
5 - Next time app talks to server, maybe tomorrow after device has been restarted, the app sends session id to server.
6 - Then we can go back to step 2.

I guess the only way this is hackable is if the user, who is an authenticated user on the server system, tries to take this apart.
Other hackers, that get the apk, are not authenticated, and therefore can't learn secrets.

I was hoping to use "Android Keystore" to save access token/session id info.
 
Upvote 0