The primary focus of this chapter will be on how to make use of cryptography properly to store data securely on a device. We start with creating a consistent cryptography foundation by including our own encryption implementation libraries to give support to stronger encryption algorithms on older devices.

One of the straightforward items to tackle is the generation of symmetric encryption keys; however, the default settings are not always more secure. We look at the specific parameters to ensure the strongest encryption and review a common antipattern and OS bug that limits the security of the generated keys.

Then, we look at several ways in which we can securely store encryption keys using third-party libraries or a system service called the Android KeyStore that was introduced in Android 4.3. Going further, we learn how to avoid storing the key on the device altogether using a key derivation function to generate a key from the user's password or pin code.

We'll cover how to integrate SQLCipher efficiently to ensure that your applications' SQLite database is encrypted to dramatically increase the security of your app data.

We will wrap up with a look at the Device Administration API that is designed for enterprises to enforce device policies and safeguards to further protect the device. We implement two factitious (yet sensible) enterprise policies to ensure that the device has enabled encrypted storage and meets lock screen timeout requirements.