Open DrMimik opened 1 year ago
We don't have a specific policy for the duration of providing migration mechanisms. It depends on the type of change. In this case I'd see the mechanism staying for several years, so indefinite at this point. The reason is that it can be a years-long process to migrate clients once they are released to end-users.
@mtrezza @DrMimik I believe we are on the finish line here. What do you think, can we get this merged?
Hi, pardon me if my question is out of context. Why do we need to encrypt the user session for a rooted device? If a device is rooted, the device is compromised. And to decrypt the session token, someone has to decrypt the token by using the decode method to get the JSON payload. If so, then the session token is already encrypted, so why do we need to add an extra security layer for the session token?
New Pull Request Checklist
Issue Description
User data can be copied on rooted devices.
Closes: #1192
Approach
Encrypting local user session using Jetpack security features to ensure better security for rooted devices.
TODOs before merging