Preventing Session Copy On Rooted Devices By Encrypting Current Session Files - Githubissues

parse-community / Parse-SDK-Android

The Android SDK for Parse Platform

https://parseplatform.org/

Other

1.88k stars 739 forks source link

Preventing Session Copy On Rooted Devices By Encrypting Current Session Files #1192

Open DrMimik opened 1 year ago

DrMimik commented 1 year ago

New Feature / Enhancement Checklist

[x] I am not disclosing a vulnerability.
[x] I am not just asking a question.
[x] I have searched through existing issues.

Current Limitation

Currently the SDK saved cached user session as clear text files.

Feature / Enhancement Description

Encrypting cached user sessions using Jetpack security features to prevent session copy on rooted devices.

Alternatives / Workarounds

No workarounds at the moment.

3rd Party References

I found this gist which provides a good way for testing encryption methods on Robolectric.

parse-github-assistant[bot] commented 1 year ago

Thanks for opening this issue!

🎉 We are excited about your ideas for improvement!