firebase-js-sdk icon indicating copy to clipboard operation
firebase-js-sdk copied to clipboard
verified publisher icon firebase

FR: Firebase auth instance stored android device storage in unencrypted way

Open lawanyaselvamani opened this issue 4 years ago • 2 comments

[REQUIRED] Describe your environment

  • Operating System version: android (> 6)
  • Firebase Product: firebase

[REQUIRED] Describe the problem

on developing a react-native android application there I'm using firebase for authentication purposes. I could see the auth instance stored in Sqlite RkStorage in an unencrypted manner.

I felt it is an unsecured way and we facing some security alerts due to this on security check since auth instance having refresh token, access token, and other sensitive information of the user, this can cause hacking the user data when the android device is rooted.

My current case

image

Since I'm using the firebase library I don't know how to control it to make the auth instance encrypted while storing to device storage.

Kindly correct me if any point is wrong and suggest any better way to proceed further on it if it is possible.

lawanyaselvamani avatar May 12 '21 10:05 lawanyaselvamani

Any updates on the feature request guys ??

Lawanya-juakali avatar Dec 05 '23 12:12 Lawanya-juakali

Following up on this, require a secure way to store this sensitive information.

coopertim13 avatar Jun 29 '24 11:06 coopertim13