From 946a15f04f9faddec8ddccad7d65b852280c0438 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stanis=C5=82aw=20Chmiela?= Date: Mon, 20 Jul 2020 18:47:45 +0200 Subject: [PATCH 1/2] Add `expo-secure-store` to a list of libraries to consider for secure storage --- docs/security.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/security.md b/docs/security.md index b609c5fa4ad..d580810838d 100644 --- a/docs/security.md +++ b/docs/security.md @@ -62,6 +62,7 @@ The [Android Keystore](https://developer.android.com/training/articles/keystore) In order to use iOS Keychain services or Android Secure Shared Preferences, you can either write a bridge yourself or use a library which wraps them for you and provides a unified API at your own risk. Some libraries to consider: - [react-native-keychain](https://github.com/oblador/react-native-keychain) +- [expo-secure-store](https://docs.expo.io/versions/latest/sdk/securestore/) - [react-native-sensitive-info](https://github.com/mCodex/react-native-sensitive-info) - secure for iOS, but uses Android Shared Preferences for Android (which is not secure by default). There is however a [fork](https://github.com/mCodex/react-native-sensitive-info/tree/keystore)) that uses Android Keystore - [redux-persist-sensitive-storage](https://github.com/CodingZeal/redux-persist-sensitive-storage) - wraps react-native-sensitive-info From 4dc6c718e71dbd600dcc494173ac5c14c90acc01 Mon Sep 17 00:00:00 2001 From: Bartosz Kaszubowski Date: Tue, 21 Jul 2020 11:57:36 +0200 Subject: [PATCH 2/2] alphabetic order, minor tweaks to the list content --- docs/security.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/security.md b/docs/security.md index d580810838d..f38a14708e0 100644 --- a/docs/security.md +++ b/docs/security.md @@ -61,10 +61,10 @@ The [Android Keystore](https://developer.android.com/training/articles/keystore) In order to use iOS Keychain services or Android Secure Shared Preferences, you can either write a bridge yourself or use a library which wraps them for you and provides a unified API at your own risk. Some libraries to consider: -- [react-native-keychain](https://github.com/oblador/react-native-keychain) - [expo-secure-store](https://docs.expo.io/versions/latest/sdk/securestore/) -- [react-native-sensitive-info](https://github.com/mCodex/react-native-sensitive-info) - secure for iOS, but uses Android Shared Preferences for Android (which is not secure by default). There is however a [fork](https://github.com/mCodex/react-native-sensitive-info/tree/keystore)) that uses Android Keystore -- [redux-persist-sensitive-storage](https://github.com/CodingZeal/redux-persist-sensitive-storage) - wraps react-native-sensitive-info +- [react-native-keychain](https://github.com/oblador/react-native-keychain) +- [react-native-sensitive-info](https://github.com/mCodex/react-native-sensitive-info) - secure for iOS, but uses Android Shared Preferences for Android (which is not secure by default). There is however a [branch](https://github.com/mCodex/react-native-sensitive-info/tree/keystore) that uses Android Keystore. + - [redux-persist-sensitive-storage](https://github.com/CodingZeal/redux-persist-sensitive-storage) - wraps react-native-sensitive-info for Redux. > **Be mindful of unintentionally storing or exposing sensitive info.** This could happen accidentally, for example saving sensitive form data in redux state and persisting the whole state tree in Async Storage. Or sending user tokens and personal info to an application monitoring service such as Sentry or Crashlytics.