Closed HelenMamalaki closed 5 years ago
We are planning on deprecating AccountStore and are encouraging the use of the Secure Storage APIs in Xamarin.Essentials: https://docs.microsoft.com/en-us/xamarin/essentials/secure-storage?tabs=ios
You'll be able to set the Accessible value in the Xamarin.Essentials APIs: https://docs.microsoft.com/en-us/dotnet/api/xamarin.essentials.securestorage.defaultaccessible?view=xamarin-essentials-ios&viewFallbackFrom=xamarin-essentials-android
Xamarin.Auth Issue
Feature description
I would like the ability to select a more secure keychain configuration using the kSecAttrAccessible constants (e.g. "kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly").
The current default accessibility setting used in Xamarin.Auth is "kSecAttrAccessibleAfterFirstUnlock", which allows data in the keychain to be included in backups whose encryption is not offered the protection of the device's UDID (to allow data to be migrated between devices). Backup data is vulnerable to brute-force attack, the ease of which is determined by the strength of the password set by the user for accessing backups.
The requirements of the app I am working on are such that keychain data should not be stored in backups. Furthermore, keychain data only needs to be accessible when the app is in the foreground, whereas the current configuration makes keychain data available when the app is backgrounded with the screen locked.
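
The configuration discussed in this issue, sketched with the Xamarin.Essentials `SecureStorage.DefaultAccessible` property that the closing comment points to. This is an added example, not code from Xamarin.Auth, Xamarin.Essentials, or either participant; `KeychainPolicy`, `TokenVault` and the key name are hypothetical, and `KeychainPolicy.Configure()` is assumed to be called from the iOS `AppDelegate.FinishedLaunching`.

```csharp
using System;
using System.Threading.Tasks;
using Security;            // SecAccessible (Xamarin.iOS)
using Xamarin.Essentials;  // SecureStorage

// Hypothetical helper: call once at startup, before any SecureStorage write.
public static class KeychainPolicy
{
    public static void Configure()
    {
        // Maps to kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly:
        //  - readable only while the device is unlocked,
        //  - never migrated to another device through a backup,
        //  - cannot be written on a device that has no passcode,
        //  - deleted by iOS if the user later disables the passcode.
        SecureStorage.DefaultAccessible = SecAccessible.WhenPasscodeSetThisDeviceOnly;
    }
}

// Hypothetical wrapper around one stored secret.
public static class TokenVault
{
    const string Key = "account_token"; // constructed key name

    // Returns false when the keychain rejects the write, which with this
    // accessibility class includes "device has no passcode set".
    public static async Task<bool> TrySaveAsync(string token)
    {
        try
        {
            await SecureStorage.SetAsync(Key, token);
            return true;
        }
        catch (Exception)
        {
            return false; // caller decides: prompt for a passcode, or keep the token in memory only
        }
    }

    // A null result means "no usable item": never stored, removed when the
    // passcode was disabled, or absent after a restore to another device.
    // Treat it as "sign in again" rather than as an error.
    public static async Task<string> TryReadAsync()
    {
        try { return await SecureStorage.GetAsync(Key); }
        catch (Exception) { return null; }
    }
}
```

Items written before the policy change keep the accessibility class they were created with, so existing secrets need to be read and saved again after `Configure()` for the stricter class to apply.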