diff --git a/KeyStorage.cpp b/KeyStorage.cpp
index 8878a3c..be43b33 100644
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp
@@ -35,6 +35,7 @@
 
 #include <android-base/file.h>
 #include <android-base/logging.h>
+#include <android-base/unique_fd.h>
 
 #include <cutils/properties.h>
 
@@ -152,10 +153,29 @@ static bool readFileToString(const std::string& filename, std::string* result) {
 }
 
 static bool writeStringToFile(const std::string& payload, const std::string& filename) {
-    if (!android::base::WriteStringToFile(payload, filename)) {
+    android::base::unique_fd fd(TEMP_FAILURE_RETRY(
+        open(filename.c_str(), O_WRONLY | O_CREAT | O_NOFOLLOW | O_TRUNC | O_CLOEXEC, 0666)));
+    if (fd == -1) {
+        PLOG(ERROR) << "Failed to open " << filename;
+        return false;
+    }
+    if (!android::base::WriteStringToFd(payload, fd)) {
         PLOG(ERROR) << "Failed to write to " << filename;
+        unlink(filename.c_str());
         return false;
     }
+    // fsync as close won't guarantee flush data
+    // see close(2), fsync(2) and b/68901441
+    if (fsync(fd) == -1) {
+        if (errno == EROFS || errno == EINVAL) {
+            PLOG(WARNING) << "Skip fsync " << filename
+                          << " on a file system does not support synchronization";
+        } else {
+            PLOG(ERROR) << "Failed to fsync " << filename;
+            unlink(filename.c_str());
+            return false;
+        }
+    }
     return true;
 }