KeyDroid: A Large-Scale Analysis of Secure Key Storage in Android Apps

Authors: Jenny Blessing (University of Cambridge), Ross Anderson (University of Cambridge, University of Edinburgh), Alastair Beresford (University of Cambridge)

Volume: 2026
Issue: 3
Pages: 215–235
DOI: https://doi.org/10.56553/popets-2026-0079

Download PDF

Abstract: Most contemporary mobile devices offer hardware-backed storage for cryptographic keys, user data, and other sensitive credentials. Such hardware is capable of protecting credentials from extraction by an adversary who has compromised the main operating system, such as a malicious third-party app. Since 2011, Android app developers can access trusted hardware via the Android Keystore API, making hardware-backed key storage a widely accessible PET. In this work, we conduct the first comprehensive survey of hardware-backed key storage in Android devices. We analyze 490,119 Android apps, collecting data on how trusted hardware is used by app developers (if at all) and cross-referencing our findings with sensitive user data collected by each app, as self-reported by developers via the Play Store’s data safety labels. We find that despite industry-wide initiatives to encourage adoption, 56% of apps self-reporting as processing sensitive user data do not use Android’s trusted hardware capabilities at all, while just 5% of apps collecting some form of sensitive data use the strongest form of trusted hardware, a secure element distinct from the main processor. To better understand the potential downsides of using secure hardware, we conduct the first empirical analysis of trusted hardware performance in mobile devices, measuring the runtime of common cryptographic operations across both software- and hardware-backed keystores and providing the first empirical analysis to date of the performance of secure elements in mobile devices. We find that while hardware-backed key storage using a coprocessor is viable for most common cryptographic operations, secure elements capable of preventing more advanced attacks make performance infeasible for symmetric encryption with non-negligible payloads.

Keywords: trusted hardware, key storage, Android, secure element

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.