Have been using SecureStore to store some key information (which is already encrypted, but belt and braces…). Works great on iOS - but on Android, I’m getting a problem during a call to SecureStore.setValueWithKeyAsync(value, key). This function has already worked once in this code block, so I know it works. The key is good and follows the rules. The value is a blob of encrypted junk from CryptoJS.AES toString’d.
The message is simply “Set value has encountered an error.” Any thoughts? Should I just bail and use AsyncStorage when on Android?
Say, @thetc, is there a security writeup of the SecureStore anywhere that allows someone to understand just how secure it is? The docs talk about an device/app/installation specific key - but practically how difficult would it be to crack it based on a compromised phone, or copy of phone backup data, or…? Has anyone done an analysis of each of the platforms?