Android Question How can I use the Android Keystore System?

Discussion in 'Android Questions' started by gkoehn, Mar 31, 2018.

  1. gkoehn

    gkoehn Member Licensed User

  2. Erel

    Erel Administrator Staff Member Licensed User

    What exactly do you want to use it for?

    It will not help you with hiding information that you want to include inside your app.
     
  3. Informatix

    Informatix Expert Licensed User

  4. gkoehn

    gkoehn Member Licensed User

    I like the idea that OliverA posted in the posting...
    https://www.b4x.com/android/forum/threads/why-b4a-decompiled.91080/page-3#post-576856
    He mentions only giving your app RESTful endpoints based upon the user's login.
    This is something that sounds good to me, but then the user always must enter login info.

    To get around this I would need to store something somewhere on the device that will make it to where he does not always need to enter his login info.
    I was hoping the "Android Keystore" would do that for me in a way that I could feel was secure.
    Maybe it is not worth the effort as pointed out by Informatix in the previous post.

    And, as I think about it, this may not be needed.
    Let's just walk through this...
    1 - The user logs in.
    2 - The server says "I know you" and returns, via JSON, the endpoints to use in the app.
    3 - The server also will return a session id.
    4 - App stores session id to device storage. <--- I wish this was encrypted because I like things secure.
    5 - Next time app talks to server, maybe tomorrow after device has been restarted, the app sends session id to server.
    6 - Then we can go back to step 2.
    6 - Then we can go back to step 2.

    I guess the only way this is hackable is if the user, that is an authenticated user on the server system, tries to take this apart.
    Other hackers, that get the apk, are not authenticated, and therefore can't learn secrets.

    I was hoping to use "Android Keystore" to save access token/session id info.
     