Save sensitive data in React Native

by

Just digging into the React Native code, I found the answer.

Android

The React Native AsyncStoragemodule implementation is based on SQLiteOpenHelper.
The package where all the data classes are handled: https://github.com/facebook/react-native/tree/master/ReactAndroid/src/main/java/com/facebook/react/modules/storage

The class with the instructions to create the database: https://github.com/facebook/react-native/blob/master/ReactAndroid/src/main/java/com/facebook/react/modules/storage/ReactDatabaseSupplier.java

By the Android documentation, the databases created by the application are saved in private disk space that’s associated application, so it is secure.

Just like files that you save on the device’s internal storage,
Android stores your database in private disk space that’s associated
application. Your data is secure, because by default this area is not
accessible to other applications.

Source

iOS

In iOS the AsyncStorage values are saved in serialized dictionary files. Those files are saved in the application NSDocumentDirectory. In iOS all applications live in their own sandbox, so all files of one application are secured, they cannot be accessed by the other applications.

The code in iOS that handles the AsyncStorage module can be found here: https://github.com/facebook/react-native/blob/master/React/Modules/RCTAsyncLocalStorage.m

And as we can see here the files used to store the values saved by the AsyncStorage are saved under the NSDocumentDirectory (inside the application sandbox environment).

Every App Is an Island An iOS app’s interactions with the file system
are limited mostly to the directories inside the app’s sandbox. During
installation of a new app, the installer creates a number of
containers for the app. Each container has a specific role. The bundle
container holds the app’s bundle, whereas the data container holds
data for both the application and the user. The data container is
further divided into a number of directories that the app can use to
sort and organize its data. The app may also request access to
additional containers—for example, the iCloud container—at runtime.

Source

Conclusion

It is safe to use AsyncStorage to save user tokens, since they are saved under a secure context.

Please note that this is only true for Android devices without root and for iOS devices without jailbreak. Please also note that if the attacker has physical access to the device and the device is not protected. He can connect the device to the mac laptop and extract the documents directory and see all the contents saved under the documents directory.

More Related Contents:

  1. Best practice to create chat application with private rooms
  2. What are my options for storing data when using React Native? (iOS and Android) [closed]
  3. react-native: command not found
  4. How do you debug React Native?
  5. Disable Screen Capture/ScreenShot in React Native App
  6. How to disable font scaling in React Native for IOS And Android app?
  7. Is it possible for an app to POST to a web browser?
  8. Create an application that loads a website? [closed]
  9. Unable to load script from assets index.android.bundle on windows
  10. Capturing mobile phone traffic on Wireshark
  11. Executing Google Apps Script Functions from Mobile App
  12. Transfer data between iOS and Android via Bluetooth?
  13. Is it possible to create turn-by-turn GPS navigation app on Android/iOS using Google Maps?
  14. Android failed to load JS bundle
  15. How to free a component in Android / iOS
  16. error “Could not get BatchedBridge, make sure your bundle is packaged properly” on start of app
  17. Download files and store them locally with Phonegap/jQuery Mobile Android and iOS Apps
  18. Failed to find Build Tools revision 23.0.1
  19. How to format DateTime in Flutter
  20. Unable to connect with remote debugger
  21. App not setup: This app is still in development mode
  22. How to pass a message from Flutter to Native?
  23. React-Native :java.lang.UnsatisfiedLinkError: couldn’t find DSO to load: libhermes.so
  24. Redirect users to iTunes app store or google play store?
  25. Flutter: go_router how to pass multiple parameters to other screen?
  26. How to set build and version number of Flutter app
  27. How to solve (Could not initialize class org.codehaus.groovy.reflection.ReflectionCache) issue in react native
  28. React-native: Images not showing in android device; but shows perfectly in emulator
  29. How to use offline bundle on android for react native project?
  30. How can I implement SSL Certificate Pinning while using React Native

Leave a Comment