encryptAesPlainText is used through setCipherText and setSecureKey to encrypt the data provided in the react native code. Therefore from my perspective it seems like all data saved on Android using this library is encrypted using AES/ECB/PKCS5Padding.
As pointed out in several CVEs "The use of the ECB operation mode can put the confidentiality of specific information at risk, even in an encrypted form."
Expected behavior
According to the README AES-CFB is used but I don't see any AES-CFB usage in the Android implementation.
The Android implementation defines https://github.com/ammarahm-ed/react-native-mmkv-storage/blob/5c653b745b1c30da16bc12dac665e393a1807a07/android/src/main/java/com/ammarahmed/mmkv/Constants.java#L11
and uses it for encryption/decryption of data:
https://github.com/ammarahm-ed/react-native-mmkv-storage/blob/5c653b745b1c30da16bc12dac665e393a1807a07/android/src/main/java/com/ammarahmed/mmkv/SecureKeystore.java#L235-L239
encryptAesPlainTextis used throughsetCipherTextandsetSecureKeyto encrypt the data provided in the react native code. Therefore from my perspective it seems like all data saved on Android using this library is encrypted usingAES/ECB/PKCS5Padding.As pointed out in several CVEs "The use of the ECB operation mode can put the confidentiality of specific information at risk, even in an encrypted form."
Expected behavior
According to the README AES-CFB is used but I don't see any AES-CFB usage in the Android implementation.
https://github.com/ammarahm-ed/react-native-mmkv-storage/blob/5c653b745b1c30da16bc12dac665e393a1807a07/README.md?plain=1#L140
Platform Information:
Note: Implementations for other platforms have not been checked for ECB usage.