How to Store Encrypted Secrets in Android & iOS Memory

Last updated April 17, 2023 by Appdome

Learn 4 Easy Steps to Store Encrypted Secrets in Android & iOS Memory. Protect app secrets in encrypted memory. No Code, No SDK, Continuous Security.

With In-App Generated Seed and Smart Offline Handoff for Data at Rest Encryption, you can store and encrypt secrets in protected memory and seed it with an external secret. The secret can be derived from a backend server or from user input. Appdome’s Storing in Protected Memory enables you to protect those secrets by storing them in the mobile app encrypted memory.

This Knowledge Base article summarizes the steps needed to store those external secrets used by a mobile app in the app encrypted memory.

We hope you find it useful and enjoy using Appdome!

Why Store Encrypted Secrets in Android & iOS Memory

Although the application’s memory is protected from other malicious applications using iOS and Android sandboxing, there are multiple cases when the memory is not protected:

  • There are specialized kernels that remove memory protection
  • In rooted mobile devices:
    • (iOS) Users can use the function vm_readto view the app memory.
    • (Android) Users can view the app memory files under /proc/<pid>/mem
  • Zero-day attacks
  • Malicious dynamic reverse-engineering and debugging attempts on the app.

Most of those scenarios are covered by Appdome Jailbreak and Root Detection and Anti-Debugging protection. In addition, to fully protect and harden any mobile app data and secrets, Appdome developed Store in Protected Memory solution.

About Encrypted Memory

Using a special technique, Appdome stores the sensitive data (secrets) and encrypts it in the process’s memory. The data will remain encrypted throughout the entire process’ runtime. When the application accesses this memory, it will manage to access the original data, while external access will read the encrypted data.

Due to the nature of encrypted memory, memory access takes longer than usual. For this reason, Appdome does not encrypt the entire process memory, but only the essential information that is generated from the application when enabling Appdome’s In-App Generated Seed and Smart Offline Handoff.

When Appdome stores those generated keys, it will be using encrypted memory, and the secrets will be protected. Notice that in order to fully protect the keys, the app developer is required to exercise responsible coding practices and wipe the secret from within the app code after passing it to Appdome. Otherwise, in case the application’s memory would be dumped, the secret will appear there. Remember – a chain is only as strong as its weakest link!

Appdome is a mobile integration platform as a service (iPaaS) that allows users to add a wide variety of features, SDKs, and APIs to Android and iOS apps. Using a simple ‘click to add’ user interface, Appdome allows anyone to easily implement storing in protected memory to any mobile app – instantly, no code or coding required.

Using Appdome, there are no development or coding prerequisites. For example, there is no Appdome SDK, libraries, or plug-ins to implement. Likewise, there is no requirement to implement data at rest encryption manually or encrypt the entire memory in order to protect the application secret. Using Appdome, mobile apps will have data at rest capabilities as if they were natively coded into the app. Except using Appdome, the integration takes less than a minute, and there’s no coding at all.

Prerequisites to store and encrypt secrets in Protected Memory

How to Store and Encrypt Secrets in Protected Memory 

To enable Storing in Protected Memory to any mobile app:

  1. Follow these steps to add a mobile app to your Appdome account.
  2. Go to Build > Security.
  3. Expand TOTALDataTM Encryption category and enable (toggle On) Data at Rest Encryption.
  4. Expand Encryption Control.
  5. Click on the relevant toggle to enable In-App Generated Seed or  Smart Offline Handoff.
  6. Enable Store in Protected Memory.
  7. Click Build My App

encrypt secrets protected memory

Success Msg

Congratulations! You now have a mobile app fully integrated with Store in Protected Memory.

Storing in Protected Memory Example

We built an example app with Storing in Protected Memory. The app stores a string in protected memory and prints it.

Here is the application output. The data was printed correctly by the application:

encrypt memory ios android

However, when we look at the memory which stores it using lldb debugger, we can see the data is encrypted:

encrypted strings using Appdome encryption

The encryption changes among executions, so when the application was executed again, the memory held different data:

No Coding Dependency

Using Appdome, there are no development or coding prerequisites to store mobile app secrets in encrypted memory.  There is no SDK and no library to manually code or implement in the app. The Appdome technology adds the relevant standards, frameworks, and logic to the app automatically, with no manual development work at all.

How to Sign & Publish Secured Mobile Apps Built on Appdome  

After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include 

Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome. 

How To Learn More?

This topic expands on Data at Rest encryption, you can read more about it at Data at rest encryption for mobile apps

Check out the full menu of features in the Appdome Mobile Security Suite

If you have any questions, please send them our way at or via the chat window on the Appdome platform.

Or request a demo at any time.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.



let's solve it together

DanaMaking your security project a success!
By filling out this form, you opt-in to recieve emails from us.