Adding some type of credentials storage would not be a security panacea, but would surely make it a lot easier for app developers which would not have to worry about reinventing the security wheel, which we know from experience, is guaranteed to generate lots of really bad (unsecure) solutions.
If such a feature was part of the Android API, then the underlying mechanism can be improved over time, so if encryption key hardware modules make it in to hansets, that would be used and so on. It would even be imaginable that you could have a completely different back-end for the credentials storage that stores your (encrypted) passwords in the cloud, and give the user the possibility of controlling system-wide the timeout for passwords, and so on.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds