
feat: Implementing encrypted local storage for user sessions

Open DrMimik opened this issue 2 years ago • 4 comments

New Pull Request Checklist

  • [x] I am not disclosing a vulnerability.
  • [x] I am creating this PR in reference to an issue.

Issue Description

User data can be copied on rooted devices.

Closes: #1192

Approach

Encrypting local user session using Jetpack security features to ensure better security for rooted devices.
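As an added illustration of the approach (not code from this PR or from Parse-SDK-Android), the following Java sketch stores the session token in Jetpack Security's EncryptedSharedPreferences, keyed by a master key held in the Android Keystore, and migrates any token left in a plaintext preferences file. The class and file names are assumptions; the raised bar is against copying the preferences file off the device, and a process that runs as root with the app's identity can still obtain the token through the app itself.

```java
import android.content.Context;
import android.content.SharedPreferences;
import androidx.security.crypto.EncryptedSharedPreferences;
import androidx.security.crypto.MasterKey;
import java.io.IOException;
import java.security.GeneralSecurityException;

// Hypothetical helper; file names and the preference key are assumptions.
public final class EncryptedSessionStore {
    private static final String LEGACY_FILE = "session_plain";        // assumed plaintext prefs file
    private static final String ENCRYPTED_FILE = "session_encrypted"; // assumed encrypted prefs file
    private static final String KEY_TOKEN = "sessionToken";

    private final SharedPreferences legacy;
    private final SharedPreferences encrypted;

    public EncryptedSessionStore(Context ctx) throws GeneralSecurityException, IOException {
        // The master key lives in the Android Keystore; the raw key material never sits in a file.
        MasterKey masterKey = new MasterKey.Builder(ctx)
                .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
                .build();
        // Keys are encrypted deterministically (SIV) so lookups work; values use AES-GCM.
        encrypted = EncryptedSharedPreferences.create(
                ctx, ENCRYPTED_FILE, masterKey,
                EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
                EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM);
        legacy = ctx.getSharedPreferences(LEGACY_FILE, Context.MODE_PRIVATE);
        migrateLegacyToken();
    }

    // One-shot migration: copy a plaintext token into the encrypted file, then wipe the plaintext copy.
    private void migrateLegacyToken() {
        String plain = legacy.getString(KEY_TOKEN, null);
        if (plain == null) return;
        encrypted.edit().putString(KEY_TOKEN, plain).apply();
        legacy.edit().remove(KEY_TOKEN).commit(); // commit() so the plaintext is gone before returning
    }

    public String getSessionToken() {
        return encrypted.getString(KEY_TOKEN, null);
    }

    public void setSessionToken(String token) {
        encrypted.edit().putString(KEY_TOKEN, token).apply();
    }

    public void clear() {
        encrypted.edit().remove(KEY_TOKEN).apply();
    }
}
```

The legacy-file read in the constructor is the kind of migration path discussed below, which has to stay in place as long as installed clients may still hold a plaintext token.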

TODOs before merging

  • [x] Add tests
  • [ ] Add changes to documentation (guides, repository pages, in-code descriptions)

DrMimik, Mar 17 '23 22:03

Thanks for opening this pull request!

  • 🎉 We are excited about your hands-on contribution!

We don't have a specific policy for the duration of providing migration mechanisms. It depends on the type of change. In this case I'd see the mechanism staying for several years, so indefinite at this point. The reason is that it can be a years-long process to migrate clients once they are released to end users.

mtrezza, Mar 18 '23 21:03

@mtrezza @DrMimik I believe we are on the finish line here. What do you think, can we get this merged?

azlekov, May 16 '23 07:05

Hi, pardon me if my question is out of context. Why do we need to encrypt the user session for a rooted device? If a device is rooted, the device is compromised. And to decrypt the session token, someone has to decode the token using the decode method to get the JSON payload. If so, then the session token is already encrypted, so why do we need to add an extra security layer for the session token?

rommansabbir, May 16 '23 09:05