[whymauri]

I'm not a mobile dev, but aren't there utilities like KeyStore for this?

https://developer.android.com/training/articles/keystore.htm...

[bootloop]

Well, the trick is that using a KeyStore ensures that the key doesn't leak into the application (but is only used for cryptographic operations in a trusted environment).

However, you would need the plain key to authenticate against the database so using this wouldn't work.

[whymauri]

Gotcha, I see the problem now.