react-native-storage icon indicating copy to clipboard operation
react-native-storage copied to clipboard

Published 20 hours ago verified publisher icon sunnylqm

Question: Is the data stored encrypted? Is it easily accessible from the file system?

Open Eyesonly88 opened this issue 7 years ago • 8 comments

Hey there,

Got another question regarding accessing the raw data that I'm storing using the library. Can the data be accessed easily from the file system (Android/iOS)? Is it encrypted?

I'm wondering if I should store sensitive data (e.g. user purchases) using this library or not. Any recommendation? Cheers.

Eyesonly88 avatar Jan 03 '17 09:01 Eyesonly88

Any encryption for local data is unreliable. So never store password in any form of local data. But not worry too much, local data is safer than network request, cause the "hacker" must have the device in his hand to dig any local data (and of course keep the device safe is not your duty). Data other than password, such as privacy info, I think is OK (just my personal opinion).

sunnylqm avatar Jan 04 '17 00:01 sunnylqm

Thanks for the response @sunnylqm. I won't be storing password info so I think it should be fine like you said. However, I'm still wondering about this part of the question:

"Can the data be accessed easily from the file system (Android/iOS)?"

Eyesonly88 avatar Jan 06 '17 01:01 Eyesonly88

I don't know. I never tried.

sunnylqm avatar Jan 06 '17 01:01 sunnylqm

Ok thanks. I'll see if I can figure it out and if I do, i'll post my result here. Cheers 👍

Eyesonly88 avatar Jan 06 '17 02:01 Eyesonly88

Hello, if I'm correct this library is based on AsyncStorage, which itself based on SQLite on Android and simple dictionary on iOS. That's why I'm 99% sure that data is stored in private application storage which is not accessible by other apps by default

Knight704 avatar May 11 '17 12:05 Knight704

@Knight704 basically, using unencrypted SQLite means we shouldn't store sensitive data here like user info, even id. it can be use for impersonation hacking while using REST API

dzpt avatar Jul 10 '17 18:07 dzpt

AsyncStorage data can be access/read from device.Read here

On device (iPhone), I can backup all data into iTunes then use some tool to extract and read data in app, ex: Documents folder.

anhhtz avatar Aug 25 '18 05:08 anhhtz

Any encryption for local data is unreliable. So never store password in any form of local data. But not worry too much, local data is safer than network request, cause the "hacker" must have the device in his hand to dig any local data (and of course keep the device safe is not your duty). Data other than password, such as privacy info, I think is OK (just my personal opinion).

I personally want a password-manager app storing passwords locally in local db. I insert only the encrypted strings. Good idea?

vilmes21 avatar Mar 11 '19 02:03 vilmes21