Table of Contents

Lock Screen

Choose a Key

Key Storage

Key Generation

Key Management

Encryption & Decryption

Usage Example

What's Next

Security Tips

Lock Screen

If you want to secure your data — protect your device.

To be more secure, before providing access to any application features, we can ask the user to set up a device Lock Screen (if one has not been set up yet). Some other features that we will review later in this series, such as Fingerprint, also require a lock screen to be set up.

There is a special system service, KeyguardManager, that can help us with this task.

isDeviceSecure method: checks whether the device is secured with a PIN, pattern or password. Available from API 23.

isKeyguardSecure method: checks whether the keyguard is secured by a PIN, pattern or password, or whether a SIM card is currently locked. Available from API 16. It's not the best option to use, as it also checks whether a SIM card is locked, but it is still better than nothing.

Secrets Keeper, Sign Up Screen

Now, in onStart() of your Activity, simply check whether the device is secured with a lock screen, and if not, show a security alert.

Full source code is available here.
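The onStart() check described above could look like the following. This is an added example, not code from the original article or the sample project. The activity name, dialog texts and the choice to open the system security settings are assumptions; only the two KeyguardManager methods come from the text.

```kotlin
import android.app.KeyguardManager
import android.content.Context
import android.content.Intent
import android.os.Build
import android.os.Bundle
import android.provider.Settings
import androidx.appcompat.app.AlertDialog
import androidx.appcompat.app.AppCompatActivity

// Hypothetical activity name, chosen for this example.
class SignUpActivity : AppCompatActivity() {

    private var lockScreenAlert: AlertDialog? = null

    override fun onStart() {
        super.onStart()
        // Runs on every start, so a lock screen removed later is also detected,
        // and the check repeats when the user returns from the settings screen.
        if (isLockScreenSet()) lockScreenAlert?.dismiss() else showLockScreenAlert()
    }

    override fun onStop() {
        // Avoid leaking the dialog window when the activity goes to the background.
        lockScreenAlert?.dismiss()
        lockScreenAlert = null
        super.onStop()
    }

    private fun isLockScreenSet(): Boolean {
        val keyguard = getSystemService(Context.KEYGUARD_SERVICE) as KeyguardManager
        return if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
            keyguard.isDeviceSecure      // API 23+: PIN, pattern or password only
        } else {
            keyguard.isKeyguardSecure    // API 16+: also true when the SIM card is locked
        }
    }

    private fun showLockScreenAlert() {
        lockScreenAlert = AlertDialog.Builder(this)
            .setTitle("Lock screen required")                       // assumed wording
            .setMessage("Set up a PIN, pattern or password to continue.")
            .setCancelable(false)                                   // no way around the check
            .setPositiveButton("Open settings") { _, _ ->
                startActivity(Intent(Settings.ACTION_SECURITY_SETTINGS))
            }
            .setNegativeButton("Exit") { _, _ -> finish() }
            .show()
    }
}
```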

Choose a Key

Now that the device is secured with a Lock Screen, we can focus on protecting the application's sensitive data, such as the user's Master password and Secrets (see Encryption in Android (Part 1), Sample Project). We already know that encryption will be used for this. The first thing we need to do is choose which Key (symmetric, asymmetric) and Algorithm to use.

We also know that Symmetric Keys are available from Android 23+ API, and Asymmetric from 18+ API (see Encryption in Android (Part 1), Android Key Store). Our choice is predictable: we will use Asymmetric Keys. But still, which algorithm should we choose? Let's search for help in the documentation: