When using the SDP APIs, what is the difference between default engine and custom engine?

The default engine uses the device unlock password to generate a cryptographic key for data encryption and decryption. The custom engine uses an app-specific password to generate the cryptographic key. This app-specific password can be set by the app user; it is up to the app to set or reset the password that is used.