Google requires that all new apps encrypt users' personal data before transmitting it to and storing it in the remote database.
For the sake of security, how should I store the encryption keys: somewhere inside the app, or somewhere outside the app that is easily accessible by the app?
Earlier I was thinking about the SecuredAssets tool, still the app needs the password to decrypt.
You are going to have to store some type of a key or password on the device at some point if you are going to be decrypting on the device itself. Unless you use the user's password (or their password hash) as part of your local key, then in that case the full password is not stored on the device (because they have to type it in each time).
The only 100% sure-fire method would be to have the server-end do all the encrypting then no keys are on the remote client.
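The password-derived approach described above, as an added example that is not code from the original post: the AES key is recomputed from the user's password plus a stored random salt via PBKDF2, so only the salt (not the password or the key) lives on the device. It assumes Android API 26+ for `PBKDF2WithHmacSHA256`, and the iteration count and sample password are constructed values.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class PasswordDerivedCrypto {
    private static final int PBKDF2_ITERATIONS = 200_000; // assumed cost; tune to device speed
    private static final int SALT_BYTES = 16, GCM_IV_BYTES = 12, GCM_TAG_BITS = 128;
    private static final SecureRandom RNG = new SecureRandom();
    // Derive a 256-bit AES key from the password plus a per-user random salt.
    // Only the salt is persisted; the key is recomputed each time the user types
    // the password, so neither password nor key has to be stored on the device.
    static SecretKey deriveKey(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, PBKDF2_ITERATIONS, 256);
        byte[] keyBytes = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        spec.clearPassword(); // wipe the password copy held by the spec
        return new SecretKeySpec(keyBytes, "AES");
    }
    // Output layout: iv || ciphertext || GCM tag. A fresh random IV per message is
    // mandatory; reusing one under the same key breaks GCM's confidentiality.
    static byte[] encrypt(SecretKey key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[GCM_IV_BYTES];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }
    // Throws AEADBadTagException if the blob was tampered with or the key is wrong.
    static byte[] decrypt(SecretKey key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, blob, 0, GCM_IV_BYTES));
        return c.doFinal(blob, GCM_IV_BYTES, blob.length - GCM_IV_BYTES);
    }
    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[SALT_BYTES];
        RNG.nextBytes(salt); // persist the salt beside the ciphertext; it is not secret
        char[] pw = "constructed-sample-password".toCharArray(); // constructed sample
        byte[] blob = encrypt(deriveKey(pw, salt), "user-id=42".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(decrypt(deriveKey(pw, salt), blob), StandardCharsets.UTF_8));
    }
}
```

The salt and ciphertext can be stored or transmitted freely; without the password the PBKDF2 work factor is what the attacker must pay per guess, which is why it matters that the user actually enters a password rather than the app holding one.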
Using the user's password is a good idea; it's too bad that users don't enter any password in my app.
Google requires that user data need to be encrypted on the client side before sending over to the server, therefore server-end encryption alone wouldn't work.
What if you need to send the data from the app in encrypted form? For example, a UserID which is a primary key in the users table in the database? Or a device ID? Then you need to encrypt it first on the device before sending it back to the server.