I want to store sensitive data locally in a React Native app.
Is the data only available to the app that wrote it?
AsyncStorage is not suitable for storing sensitive information. You might find this useful: https://github.com/oblador/react-native-keychain
It uses Facebook Conceal/Android Keystore to store encrypted data to SharedPreferences (Android) and Keychain on iOS. (I co-authored the lib.) Be sure to read the entire readme to understand what it offers.
No, AsyncStorage is not secure for sensitive data. AsyncStorage simply saves data to documents on the phone's hard drive, and therefore anyone with access to the phone's file system can read that data. Of course, whether or not this is problematic for you depends on what you mean by "sensitive data."
At least on iOS, it is true that the data is only available to the app that wrote it, because of Apple's sandboxing policy. This doesn't stop jailbroken iPhones with root access to the file system from getting whatever they want, since AsyncStorage does not encrypt any of its data. But in general, don't save sensitive data to AsyncStorage, for the same reason you shouldn't hard-code sensitive data in your JavaScript code, since it can be easily decompiled and read.
For very sensitive app or user data, you could try something like https://github.com/oblador/react-native-keychain on iOS (uses iOS Keychain) or https://github.com/classapp/react-native-sensitive-info for both Android and iOS (uses Android Shared Preference and iOS Keychain).
Both of them come with a very fluent API and a straightforward way of linking with react-native link, and are a more secure way of preserving data you want to keep away from prying eyes.
I've faced the same problem on a project I was working on. We were using a custom wrapper for AsyncStorage, stored some amount of data and then we tried to retrieve the same data... and it was so easy.
We got over that problem by using Realm with the encryption option, and it was an easier, faster and better solution than AsyncStorage.
From react-native doc - https://facebook.github.io/react-native/docs/asyncstorage.html
AsyncStorage is a simple, unencrypted, asynchronous, persistent, key-value storage system that is global to the app.
It's not secure as it stores key-value pairs in unencrypted form on the device.
It used keychain for iOS and KeyStore for Android for storing data securely.
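Added example, not part of the original answers or of any library's own documentation: one way to move a value that an earlier build left in AsyncStorage into react-native-keychain's generic-password store and then delete the plaintext copy. The service name, account, legacy key and function names are assumptions, and the keychain and AsyncStorage modules are passed in as parameters so the logic can also be exercised off-device.

```javascript
// Added example. `keychain` must expose react-native-keychain's
// setGenericPassword/getGenericPassword; `asyncStorage` must expose
// AsyncStorage's getItem/removeItem. In an app, pass the real modules.
const SERVICE = 'com.example.app.session'; // constructed placeholder

async function saveSecret(keychain, account, secret, service = SERVICE) {
  if (typeof secret !== 'string' || secret.length === 0) {
    throw new TypeError('secret must be a non-empty string');
  }
  // Stored in the iOS Keychain / Android Keystore-backed storage.
  await keychain.setGenericPassword(account, secret, { service });
}

async function loadSecret(keychain, service = SERVICE) {
  // getGenericPassword resolves to `false` when no entry exists.
  const entry = await keychain.getGenericPassword({ service });
  return entry ? entry.password : null;
}

// One-time migration of a secret that was previously written to AsyncStorage.
async function migrateFromAsyncStorage(asyncStorage, keychain, legacyKey,
                                       account, service = SERVICE) {
  const legacy = await asyncStorage.getItem(legacyKey);
  if (legacy === null || legacy === '') {
    await asyncStorage.removeItem(legacyKey); // drop an empty leftover, if any
    return 'nothing-to-migrate';
  }
  await saveSecret(keychain, account, legacy, service);
  // Verify the keychain copy before deleting the only other copy.
  if ((await loadSecret(keychain, service)) !== legacy) {
    throw new Error('keychain write could not be verified; legacy value kept');
  }
  await asyncStorage.removeItem(legacyKey); // remove the unencrypted copy
  return 'migrated';
}
```

Removing the AsyncStorage entry only stops new reads; device backups taken before the migration can still contain the old plaintext value, so rotate the secret server-side where that matters.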