android encryption-symmetric

Android: If not a hard-coded encryption key, where to save the encryption key


My Android application has account, password and other important information that it needs to store in its database. Out of concern for security, I am now studying how to encrypt this data before saving it in the database and decrypt it again when needed.

Using a salt and iterations can make the encrypted data stronger. This part I understand how to do. But my concern is that there is a lot of discussion advising against hard-coding the AES key or PBE key. But without the key, I can't decrypt the data again (I do need to decrypt it again).

Is there any good suggestion for how an Android application should save the key?

Thanks a lot.


Solution

  • Save your data in a .so file. You need to implement NDK integration in your project. It will make it much more difficult to hack, and you can get your value back from the C++ file. Also check the package name in C++ to make sure your .so file is not used in any other application.
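
The approach described in the answer above, as an added example that is not code from the original answer: the key is kept XOR-masked in the native library and is returned only when the calling Context reports the expected package name. The package name `com.example.myapp`, the Java class `NativeKey`, the function `release_key` and the key bytes are assumptions constructed for illustration; the key still ships inside the APK, so this raises the effort needed to recover it rather than preventing recovery.

```cpp
// Added example: native-side key release gated on the caller's package name.
#include <array>
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

namespace {
// Assumption: the package this library is built for (hypothetical name).
const char kExpectedPackage[] = "com.example.myapp";
// Constructed sample key, stored XOR-masked so it is not a plain byte run in the .so.
constexpr uint8_t kMask = 0x5A;
constexpr std::array<uint8_t, 16> kMaskedKey = {
    0x5A, 0x5B, 0x58, 0x59, 0x5E, 0x5F, 0x5C, 0x5D,
    0x52, 0x53, 0x50, 0x51, 0x56, 0x57, 0x54, 0x55};
}  // namespace

// Returns the 16-byte key for the expected package, or an empty vector otherwise.
std::vector<uint8_t> release_key(const std::string& caller_package) {
    if (caller_package != kExpectedPackage) return {};
    std::vector<uint8_t> key(kMaskedKey.size());
    for (std::size_t i = 0; i < key.size(); ++i) key[i] = kMaskedKey[i] ^ kMask;
    return key;
}

#ifdef __ANDROID__
#include <jni.h>
// Hypothetical Java side: class com.example.myapp.NativeKey { static native byte[] getKey(Context c); }
extern "C" JNIEXPORT jbyteArray JNICALL
Java_com_example_myapp_NativeKey_getKey(JNIEnv* env, jclass, jobject context) {
    if (context == nullptr) return nullptr;
    jclass ctxCls = env->GetObjectClass(context);
    jmethodID mid = env->GetMethodID(ctxCls, "getPackageName", "()Ljava/lang/String;");
    if (mid == nullptr) return nullptr;  // pending exception propagates to Java
    jstring jname = static_cast<jstring>(env->CallObjectMethod(context, mid));
    if (jname == nullptr) return nullptr;
    const char* chars = env->GetStringUTFChars(jname, nullptr);
    if (chars == nullptr) return nullptr;
    std::vector<uint8_t> key = release_key(chars);  // package check happens in native code
    env->ReleaseStringUTFChars(jname, chars);
    if (key.empty()) return nullptr;  // wrong package: no key is handed out
    jbyteArray out = env->NewByteArray(static_cast<jsize>(key.size()));
    if (out != nullptr)
        env->SetByteArrayRegion(out, 0, static_cast<jsize>(key.size()),
                                reinterpret_cast<const jbyte*>(key.data()));
    return out;
}
#endif
```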