{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Melony? 的问题《Is React Native's Async Storage secure?》','https://www.manongdao.com/q-95383.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I want to store sensitive data locally in a React Native app.
Is the data only available to the app that wrote it?
相关问题
- React Native Inline style for multiple Text in sin
- How Do I Convert Image URI into Byte Expo
- ApolloClient from apollo-boost attemped to assign
- Implementing ssl pinning in a react-native applica
- React-Native: Enable Performance Monitor in produc
相关文章
- Why do we have to call `.done()` at the end of a p
- Remove expo from react native
- React Native - Dynamic Image Source
- “Unfortunately, app has stopped” error with buildi
- eslint Parsing error: Unexpected token =
- How to determine JS bottlenecks in React Native co
- How to override navigation options in functional c
- PanResponder snaps Animated.View back to original
Its not secure as it stores key-value pairs in unencrypted form on device.
It used keychain for iOS and KeyStore for Android for storing data securely.
AsyncStorage is not suitable for storing sensitive information. You might find this useful: https://github.com/oblador/react-native-keychain
It uses facebook conceal/android keystore to store encrypted data to
SharedPreferences(Android) and keychain on iOS. (I co-authored the lib). Be sure to read the entire readme to understand what it offers.I've faced the same problem on a project I was working on, we were using a custom wrapper for AsyncStorage, stored some amount of data and then we tried to retrieve the same data... and it was so easy.
We get over that problem by using Realm with the encryption option and it was a easier, faster and better solution than AsyncStorage.
No, AsyncStorage is not secure for sensitive data. AsyncStorage simply saves data to documents on the phone's hard drive, and therefore anyone with access to the phone's file system can read that data. Of course, whether or not this is problematic for you depends on what you mean by "senstive data."
At least on iOS, it is true that the data is only available to the app that wrote it, because of Apple's sandboxing policy. This doesn't stop jailbroken iPhones with root access to the file system from getting whatever they want, since AsyncStorage does not encrypt any of its data. But in general, don't save sensitive data to AsyncStorage, for the same reason you shouldn't hard code sensitive data in your javascript code, since it can be easily decompiled and read.
For very sensitive app or user data, you could try something like https://github.com/oblador/react-native-keychain on iOS(uses iOS Keychain) or https://github.com/classapp/react-native-sensitive-info for both Android and iOS(uses Android Shared Preference and iOS Keychain).
Both of them come with very fluent API and straightforward way of linking with
react-native linkand are a more secure way of preserving data you want to keep away from prying eyes.