Investigate Android Keystore

[cokes518]

The new API target level automatically deletes apps that have not been used in a while, including its storage. This means users who do not use the Helium app may lose access, especially if they do not write down their 12 words.

iOS also auto-deletes the app but the data is stored in a secure way in iCloud so an app re-install will retrieve the 12 words.

we should find a similar android solution so users don't accidentally lose their keys forever.

[matthewcarlreetz]

@tyler-whitman and I (@matthewcarlreetz) have both spent a fair amount of time investigating and haven't been able to find a low friction way of doing this. Android simply doesn't have an equivalent of Apple's Keychain.

I think we would need to store a user password in EncryptedSharedPreferences, then use it to encrypt/decrypt the data. After deleting and reinstalling the app, they would need to re-enter the password. If they were to lose their password and their 12 words, they'd be out of luck.

https://thecodeside.medium.com/android-auto-backup-keystore-encryption-broken-heart-love-story-8277c8b10505

[wolfenhawke]

This is a high importance issue, but the solution may be as simple as documenting. That is, it should be highlighted to users that this could happen and re-iterate the importance of properly offline storing of the 12 words. The reason I am particularly concerned about this is if someone uses a second phone/wallet for cold storage, the nature of that is it may not be accessed for a long time. Now if the phone is off, it shouldn't affect any apps, but it's unclear what will happen once it's turned on maybe after a year of non-access and some delay in accessing the app.