diff --git a/briar-android/src/main/java/org/briarproject/briar/android/controller/ConfigControllerImpl.java b/briar-android/src/main/java/org/briarproject/briar/android/controller/ConfigControllerImpl.java
index 3969712c61cce196d743c25d8853e058161cedab..0248aae5ee348033293011d7e8d86d0b656f0eda 100644
--- a/briar-android/src/main/java/org/briarproject/briar/android/controller/ConfigControllerImpl.java
+++ b/briar-android/src/main/java/org/briarproject/briar/android/controller/ConfigControllerImpl.java
@@ -33,6 +33,7 @@ public class ConfigControllerImpl implements ConfigController {
 	private static final String DB_KEY_BACKUP_FILENAME = "db.key.bak";
 
 	private final SharedPreferences briarPrefs;
+	private final File dbKeyFile, dbKeyBackupFile;
 	protected final DatabaseConfig databaseConfig;
 
 	@Inject
@@ -40,6 +41,9 @@ public class ConfigControllerImpl implements ConfigController {
 			DatabaseConfig databaseConfig) {
 		this.briarPrefs = briarPrefs;
 		this.databaseConfig = databaseConfig;
+		File keyDir = databaseConfig.getDatabaseKeyDirectory();
+		dbKeyFile = new File(keyDir, DB_KEY_FILENAME);
+		dbKeyBackupFile = new File(keyDir, DB_KEY_BACKUP_FILENAME);
 	}
 
 	@Override
@@ -61,10 +65,10 @@ public class ConfigControllerImpl implements ConfigController {
 
 	@Nullable
 	private String getDatabaseKeyFromFile() {
-		String key = readDbKeyFromFile(getDbKeyFile());
+		String key = readDbKeyFromFile(dbKeyFile);
 		if (key == null) {
 			LOG.info("No database key in primary file");
-			key = readDbKeyFromFile(getDbKeyBackupFile());
+			key = readDbKeyFromFile(dbKeyBackupFile);
 			if (key == null) LOG.info("No database key in backup file");
 			else LOG.warning("Found database key in backup file");
 		} else {
@@ -91,16 +95,6 @@ public class ConfigControllerImpl implements ConfigController {
 		}
 	}
 
-	private File getDbKeyFile() {
-		return new File(databaseConfig.getDatabaseKeyDirectory(),
-				DB_KEY_FILENAME);
-	}
-
-	private File getDbKeyBackupFile() {
-		return new File(databaseConfig.getDatabaseKeyDirectory(),
-				DB_KEY_BACKUP_FILENAME);
-	}
-
 	private void migrateDatabaseKeyToFile(String key) {
 		if (storeEncryptedDatabaseKey(key)) {
 			if (briarPrefs.edit().remove(PREF_DB_KEY).commit())
@@ -114,39 +108,48 @@ public class ConfigControllerImpl implements ConfigController {
 	@Override
 	public boolean storeEncryptedDatabaseKey(String hex) {
 		LOG.info("Storing database key in file");
-		File dbKey = getDbKeyFile();
-		File dbKeyBackup = getDbKeyBackupFile();
 		// Create the directory if necessary
 		if (databaseConfig.getDatabaseKeyDirectory().mkdirs())
 			LOG.info("Created database key directory");
 		// If only the backup file exists, rename it so we don't overwrite it
-		if (dbKeyBackup.exists() && !dbKey.exists()) {
-			if (dbKeyBackup.renameTo(dbKey)) LOG.info("Renamed old backup");
+		if (dbKeyBackupFile.exists() && !dbKeyFile.exists()) {
+			if (dbKeyBackupFile.renameTo(dbKeyFile))
+				LOG.info("Renamed old backup");
 			else LOG.warning("Failed to rename old backup");
 		}
 		try {
 			// Write to the backup file
-			FileOutputStream out = new FileOutputStream(dbKeyBackup);
-			out.write(hex.getBytes("UTF-8"));
-			out.flush();
-			out.close();
+			writeDbKeyToFile(hex, dbKeyBackupFile);
 			LOG.info("Stored database key in backup file");
 			// Delete the old primary file, if it exists
-			if (dbKey.exists()) {
-				if (dbKey.delete()) LOG.info("Deleted primary file");
+			if (dbKeyFile.exists()) {
+				if (dbKeyFile.delete()) LOG.info("Deleted primary file");
 				else LOG.warning("Failed to delete primary file");
 			}
 			// The backup file becomes the new primary
-			boolean renamed = dbKeyBackup.renameTo(dbKey);
-			if (renamed) LOG.info("Renamed backup file to primary");
-			else LOG.warning("Failed to rename backup file to primary");
-			return renamed;
+			if (dbKeyBackupFile.renameTo(dbKeyFile)) {
+				LOG.info("Renamed backup file to primary");
+			} else {
+				LOG.warning("Failed to rename backup file to primary");
+				return false; // Don't overwrite our only copy
+			}
+			// Write a second copy to the backup file
+			writeDbKeyToFile(hex, dbKeyBackupFile);
+			LOG.info("Stored second copy of database key in backup file");
+			return true;
 		} catch (IOException e) {
 			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
 			return false;
 		}
 	}
 
+	private void writeDbKeyToFile(String key, File f) throws IOException {
+		FileOutputStream out = new FileOutputStream(f);
+		out.write(key.getBytes("UTF-8"));
+		out.flush();
+		out.close();
+	}
+
 	@Override
 	public void deleteAccount(Context ctx) {
 		LOG.info("Deleting account");
diff --git a/briar-android/src/main/java/org/briarproject/briar/android/login/PasswordControllerImpl.java b/briar-android/src/main/java/org/briarproject/briar/android/login/PasswordControllerImpl.java
index 1ecdef55b99ace7ad1ee33e4fe4bbf380e9a129c..121b7e119206f6e821db2bcd8868333f0420de49 100644
--- a/briar-android/src/main/java/org/briarproject/briar/android/login/PasswordControllerImpl.java
+++ b/briar-android/src/main/java/org/briarproject/briar/android/login/PasswordControllerImpl.java
@@ -72,8 +72,7 @@ public class PasswordControllerImpl extends ConfigControllerImpl
 			} else {
 				String hex =
 						encryptDatabaseKey(new SecretKey(key), newPassword);
-				boolean stored = storeEncryptedDatabaseKey(hex);
-				resultHandler.onResult(stored);
+				resultHandler.onResult(storeEncryptedDatabaseKey(hex));
 			}
 		});
 	}
diff --git a/briar-android/src/test/java/org/briarproject/briar/android/TestDatabaseKeyUtils.java b/briar-android/src/test/java/org/briarproject/briar/android/TestDatabaseKeyUtils.java
index 70d375be215025e0c1cb8d0ecaf0e8bbe151d78e..0e9173105fa19f99747e91c4c68d25fbb2bd2138 100644
--- a/briar-android/src/test/java/org/briarproject/briar/android/TestDatabaseKeyUtils.java
+++ b/briar-android/src/test/java/org/briarproject/briar/android/TestDatabaseKeyUtils.java
@@ -17,7 +17,7 @@ import static junit.framework.Assert.assertTrue;
 public class TestDatabaseKeyUtils {
 
 	public static void storeDatabaseKey(File f, String hex) throws IOException {
-		assertTrue(f.getParentFile().mkdirs());
+		f.getParentFile().mkdirs();
 		FileOutputStream out = new FileOutputStream(f);
 		out.write(hex.getBytes("UTF-8"));
 		out.flush();
diff --git a/briar-android/src/test/java/org/briarproject/briar/android/controller/ConfigControllerImplTest.java b/briar-android/src/test/java/org/briarproject/briar/android/controller/ConfigControllerImplTest.java
index fb80f144156bc79e4349f6338791fba68a2861ba..859792b3c9872de53ef0c8d03b430be30ef14f30 100644
--- a/briar-android/src/test/java/org/briarproject/briar/android/controller/ConfigControllerImplTest.java
+++ b/briar-android/src/test/java/org/briarproject/briar/android/controller/ConfigControllerImplTest.java
@@ -62,8 +62,9 @@ public class ConfigControllerImplTest extends BrambleMockTestCase {
 		assertEquals(encryptedKeyHex, c.getEncryptedDatabaseKey());
 
 		assertTrue(keyFile.exists());
-		assertFalse(keyBackupFile.exists());
+		assertTrue(keyBackupFile.exists());
 		assertEquals(encryptedKeyHex, loadDatabaseKey(keyFile));
+		assertEquals(encryptedKeyHex, loadDatabaseKey(keyBackupFile));
 	}
 
 	@Test
@@ -165,8 +166,9 @@ public class ConfigControllerImplTest extends BrambleMockTestCase {
 		assertTrue(c.storeEncryptedDatabaseKey(encryptedKeyHex));
 
 		assertTrue(keyFile.exists());
-		assertFalse(keyBackupFile.exists());
+		assertTrue(keyBackupFile.exists());
 		assertEquals(encryptedKeyHex, loadDatabaseKey(keyFile));
+		assertEquals(encryptedKeyHex, loadDatabaseKey(keyBackupFile));
 	}
 
 	@Test
@@ -191,8 +193,9 @@ public class ConfigControllerImplTest extends BrambleMockTestCase {
 		assertTrue(c.storeEncryptedDatabaseKey(encryptedKeyHex));
 
 		assertTrue(keyFile.exists());
-		assertFalse(keyBackupFile.exists());
+		assertTrue(keyBackupFile.exists());
 		assertEquals(encryptedKeyHex, loadDatabaseKey(keyFile));
+		assertEquals(encryptedKeyHex, loadDatabaseKey(keyBackupFile));
 	}
 
 	@After
diff --git a/briar-android/src/test/java/org/briarproject/briar/android/login/PasswordControllerImplTest.java b/briar-android/src/test/java/org/briarproject/briar/android/login/PasswordControllerImplTest.java
index 27a15af86a94c56b4bb348ed1b23e104c2c89813..427dfa772d1cb52b75e2264344e8f4c2c8cf66d3 100644
--- a/briar-android/src/test/java/org/briarproject/briar/android/login/PasswordControllerImplTest.java
+++ b/briar-android/src/test/java/org/briarproject/briar/android/login/PasswordControllerImplTest.java
@@ -67,6 +67,7 @@ public class PasswordControllerImplTest extends BrambleMockTestCase {
 		assertFalse(keyBackupFile.exists());
 
 		storeDatabaseKey(keyFile, toHexString(oldEncryptedKey));
+		storeDatabaseKey(keyBackupFile, toHexString(oldEncryptedKey));
 
 		PasswordControllerImpl p = new PasswordControllerImpl(briarPrefs,
 				databaseConfig, cryptoExecutor, crypto, estimator);
@@ -76,8 +77,10 @@ public class PasswordControllerImplTest extends BrambleMockTestCase {
 		assertTrue(capturedResult.get());
 
 		assertTrue(keyFile.exists());
-		assertFalse(keyBackupFile.exists());
+		assertTrue(keyBackupFile.exists());
 		assertEquals(toHexString(newEncryptedKey), loadDatabaseKey(keyFile));
+		assertEquals(toHexString(newEncryptedKey),
+				loadDatabaseKey(keyBackupFile));
 	}
 
 	@Test
@@ -98,6 +101,7 @@ public class PasswordControllerImplTest extends BrambleMockTestCase {
 		assertFalse(keyBackupFile.exists());
 
 		storeDatabaseKey(keyFile, toHexString(oldEncryptedKey));
+		storeDatabaseKey(keyBackupFile, toHexString(oldEncryptedKey));
 
 		PasswordControllerImpl p = new PasswordControllerImpl(briarPrefs,
 				databaseConfig, cryptoExecutor, crypto, estimator);
@@ -107,8 +111,10 @@ public class PasswordControllerImplTest extends BrambleMockTestCase {
 		assertFalse(capturedResult.get());
 
 		assertTrue(keyFile.exists());
-		assertFalse(keyBackupFile.exists());
+		assertTrue(keyBackupFile.exists());
 		assertEquals(toHexString(oldEncryptedKey), loadDatabaseKey(keyFile));
+		assertEquals(toHexString(oldEncryptedKey),
+				loadDatabaseKey(keyBackupFile));
 	}
 
 	@After
diff --git a/briar-android/src/test/java/org/briarproject/briar/android/login/SetupControllerImplTest.java b/briar-android/src/test/java/org/briarproject/briar/android/login/SetupControllerImplTest.java
index 21568344be49972ea8f44a76f558e3282b55f580..b0df4cde8b324b80c67a42f4656749b08828a5b8 100644
--- a/briar-android/src/test/java/org/briarproject/briar/android/login/SetupControllerImplTest.java
+++ b/briar-android/src/test/java/org/briarproject/briar/android/login/SetupControllerImplTest.java
@@ -102,8 +102,9 @@ public class SetupControllerImplTest extends BrambleMockTestCase {
 		assertTrue(called.get());
 
 		assertTrue(keyFile.exists());
-		assertFalse(keyBackupFile.exists());
+		assertTrue(keyBackupFile.exists());
 		assertEquals(toHexString(encryptedKey), loadDatabaseKey(keyFile));
+		assertEquals(toHexString(encryptedKey), loadDatabaseKey(keyBackupFile));
 	}
 
 	@After