I want to store store some app specific secret on the phone - this should be available only for the app & no other app.
I was looking at DPAPI - however, if the user does not have a logon password, then it seems like the master key will be accessible to everyone. Also I am not clear what else to pass as the entropy parameter.
