Android Keystore store access tokens

About

Asked 28/12, 2015 at 20:51 Answered 28/12, 2015 at 20:55

Solved android access-token android-keystore

In my application, upon user successful authentication using OAuth I need to store the access token returned by the REST API. I was thinking of using the keystore to store this token for further use in the application. But so far I havent seen an implementation which stores already generated keys using android keystore APIs. Is there any example or code snippet which stores already generated tokens.

Also if I use keystore to store the access tokens, can the rooted phone users gain access to these tokens?

Thanks.

Organize answered 28/12, 2015 at 20:51 Comment(0)

The following blog post provides a very good explanation on how to go about doing this.

http://nelenkov.blogspot.com/2012/05/storing-application-secrets-in-androids.html

Also it should not matter if a rooted phone user can gain access to these tokens if they are encrypted. Fortunately, Android's system keystore daemon encrypts keys using AES.

Septivalent answered 28/12, 2015 at 20:55 Comment(1)

Not sure this should be the accepted answer given the following disclaimer from the link above: "It will introduce private API's, not available via the Android SDK and some OS services implementation details. Those may change at any time, and are not guaranteed to work. While the techniques described have been tested on a few different devices and OS versions (2.1 to 4.0), there are no guarantees. Use caution if you decide to implement them in a production app." – Trottier 18/6, 2018 at 14:40

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags