I'm developing an application for Android / iOS mobile devices, in this application the communication with the server is done in encrypted form. The user application, when first started, generates a public / private key. The public key is sent to the server where it will be stored and the private key is stored on the client's machine. In this respect, I believe it works similarly to the WhatsApp messaging application. However, I do not know how to protect this private password stored on the device. It can not be captured by third parties, so as not to compromise user safety. How to deal with this?