FR: Firebase auth instance stored android device storage in unencrypted way

[lawanyaselvamani]

[REQUIRED] Describe your environment

• Operating System version: android (> 6)
• Firebase Product: firebase

[REQUIRED] Describe the problem

on developing a react-native android application there I'm using firebase for authentication purposes. I could see the auth instance stored in Sqlite RkStorage in an unencrypted manner.

I felt it is an unsecured way and we facing some security alerts due to this on security check since auth instance having refresh token, access token, and other sensitive information of the user, this can cause hacking the user data when the android device is rooted.

My current case

Since I'm using the firebase library I don't know how to control it to make the auth instance encrypted while storing to device storage.

Kindly correct me if any point is wrong and suggest any better way to proceed further on it if it is possible.

[Lawanya-juakali]

Any updates on the feature request guys ??

[coopertim13]

Following up on this, require a secure way to store this sensitive information.