With iOS, it’s possible to set the keychainAccess option to something like Expo.SecureStore.WHEN_PASSCODE_SET_THIS_DEVICE_ONLY, which improves security for sensitive items by guaranteeing that items in the store can only be accessed when the device has a passcode set. However, it doesn’t seem like there’s a similar option in SecureStore for Android. Native Android does have a mechanism for only allowing a key in the keystore to be accessed when the user has authenticated via passcode/pattern/etc. (docs) – is there a way that I’m missing to configure SecureStore to use this, or is this a feature you’d consider adding in a future release to provide parity with iOS?
From the docs:
Android: Values are stored in SharedPreferences, encrypted with Android’s Keystore system.
If you would like an Android equivalent added to keychainaccessible then opening a canny will be the best approach. Feature Requests | Expo
AFAIK there is no timeline for adding this to Expo.
Right – and Android’s Keystore allows apps to specify authorized uses of their key (i.e. only when the user has unlocked the device) but I couldn’t find anything in the docs about how to use that restriction on Android (only for the iOS equivalent).
Makes sense, I just wanted to make sure I wasn’t missing anything in the docs, or that adding an equivalent security control on Android wasn’t already considered and rejected for some reason.
Cool! I appreciate your consideration for duplicate posts. Please link the canny if you happen to make it, so other devs can find it and upvote.
Submitted to canny: Support requiring user authentication for SecureStore on Android | Voters | Expo