Open Dudleyneedham opened 2 years ago
Thank you for the input. The first option looks interesting; it would be nice to include Face ID or Touch ID as a quick way to log in.
Also, I found that React Native has an extensive resource on security. I highly recommend reading through it: https://reactnative.dev/docs/security
The async storage is currently unencrypted.
The application should have a way to encrypt the data being placed into the storage and decrypt it after retrieval.
It is recommended to look at ways of securing the application.
An article can be found here as some form of reference - https://docs.expo.dev/versions/v46.0.0/sdk/local-authentication/
The bare minimum would be a password that the user must enter to access the application.
For further reading about encrypting and decrypting with Expo - https://blog.logrocket.com/encrypted-local-storage-in-react-native/
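
One way to do the encrypt-before-store and decrypt-after-retrieval step this issue asks for, as an added example that is not code from this issue or the project. It assumes Node's built-in `crypto` (AES-256-GCM) in place of whatever crypto library the React Native app would use, and a 32-byte key supplied by the caller from outside the async storage; `seal`, `unseal`, `encryptedStore` and `memoryStore` are hypothetical names.

```javascript
// Added example: authenticated encryption around an AsyncStorage-style store.
const crypto = require('node:crypto');
const ALG = 'aes-256-gcm';

// Encrypt a string. Output is base64(iv || tag || ciphertext).
// The item name is bound as AAD so a blob cannot be copied to another slot.
function seal(key, name, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce for every write
  const cipher = crypto.createCipheriv(ALG, key, iv);
  cipher.setAAD(Buffer.from(name, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Decrypt. Returns null on a truncated blob, tampering, wrong key or wrong slot.
function unseal(key, name, blob) {
  const raw = Buffer.from(blob, 'base64');
  if (raw.length < 28) return null; // 12-byte iv + 16-byte tag
  const decipher = crypto.createDecipheriv(ALG, key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(name, 'utf8'));
  decipher.setAuthTag(raw.subarray(12, 28));
  try {
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return pt.toString('utf8');
  } catch (err) {
    return null; // authentication failed
  }
}

// Wrap any store exposing AsyncStorage's promise-based getItem/setItem.
function encryptedStore(store, key) {
  return {
    async setItem(name, value) {
      await store.setItem(name, seal(key, name, value));
    },
    async getItem(name) {
      const blob = await store.getItem(name);
      return blob === null ? null : unseal(key, name, blob);
    },
  };
}

// Constructed stand-in for AsyncStorage, backed by a Map, so the example runs offline.
function memoryStore() {
  const m = new Map();
  return {
    async setItem(k, v) { m.set(k, v); },
    async getItem(k) { return m.has(k) ? m.get(k) : null; },
  };
}
```

The key must not be stored in the same unencrypted storage as the data it protects.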