diff --git a/App-Security.md b/App-Security.md
index f58c9c6..98abafe 100644
--- a/App-Security.md
+++ b/App-Security.md
@@ -9,7 +9,7 @@ From ``./lint --show AllowBackup``:
 
 * Due to ``android:allowBackup="false"``, apps such as [Helium](https://play.google.com/store/apps/details?id=com.koushikdutta.backup) will **not** work
 * We explicitly do not implement a [Backup Agent](http://developer.android.com/guide/topics/data/backup.html), so no keys are transferred to Google's cloud.
-* All keys (secret and public) are stored inside the app's sqlite database. It resides in ``/data/data/org.sufficientlysecure.keychain/databases/openkeychain.db``
+* All keys (private and public) are stored inside the app's sqlite database. It resides in ``/data/data/org.sufficientlysecure.keychain/databases/openkeychain.db``
 * Like every app on Android OS, OpenKeychain is [sandboxed to prevent other apps from accessing OpenKeychain's data](https://source.android.com/devices/tech/security/#the-application-sandbox). To emphasize this again: This means that other apps **cannot** access the private keys of OpenKeychain under Android's security model.
 * There is only one way to get around this: If you install apps that you allow root access or apps that exploit bugs in the Android distribution on your device to do privilege escalation attacks.