Bad idea . The reason is the same as for hard-coded passwords . You can obfuscate and XOR the final password together from several places, but a capable hacker will monitor the deviceβs memory and reconstruct any smart protocol with sufficient time. It's him if he just steals the phone. Or it can mount side channel attacks and measure runtime or energy consumption, so guessing a key similar to safecrackers in movies will include bit by bit for bit and "listen" if they are closer to their target.
Thus, you can make it more difficult, but without a hardware protected storage mechanism (which will protect memory access and deceive power consumption, runtime, etc., like smart cards or hardware security modules), there is no chance to do it is safe.
The password must remain out of the band of information separated from the device. Ideally, the user enters it whenever necessary. Of course, this is tedious from the user's point of view - but at least it is safe.