Users must have a secure Ionic 2 safe lock screen

I am trying to replace the Ionic 2 Storage plugin with SecureStorage. But the documentation says that "users should have a secure lock screen set", so I'm a little confused. It also says that if the security setting is insufficient, the app developer must inform the user of the security requirements of his app and re-initialize after the user has changed the lock screen settings. I think I don't need a security store for this. So would it be a good idea to move "Storage" to "SecureStorage"? If not, what is the alternative?

+3




1 answer


So it would be a good idea to move "Storage" to "SecureStorage"

No, "Secure Storage" (provided by cordova-plugin-secure-storage) is for storing small amounts of sensitive data such as user credentials or credit card information. It is not intended to be a replacement for a general storage engine such as a SQLite database (e.g. cordova-sqlite-storage). It does not provide unlimited memory: on Android, for example, trying to store more than 1.5MB will throw a memory exception. If you need to store more sensitive data, you can encrypt the data stored in a larger SQLite database and use secure storage to store the decryption key securely, for example.

the documentation says that "users must have a secure lock screen set"

This means that on Android, the device must have a secure lock screen, i.e. a pattern or PIN lock that must be entered to unlock the device (note: slide unlocking is not considered secure). If it does not, then the Secure Store constructor function will call an error callback and you will not be able to use Secure Store to store data on that device.

it also says that if the security setting is insufficient, the app developer must inform the user of the security requirements of their app and re-initialize after the user changes the screen lock settings.
If an error callback is called during plugin initialization, you have the option to tell the user, "Your device does not have a secure lock screen. Without this, you cannot {use this feature}. Do you want to install it now?"

You can use any mechanism you like to present a message to the user, for example the confirm() function from cordova-plugin-dialogs.

If the user agrees, you can call the secureDevice() function from the secure storage plugin, which calls its own activity to guide the user through the lock screen setup process. Your app will be placed in the background during this, so when it resumes, you can use an onResume() handler to check whether the secure store plugin has already been initialized and, if it hasn't, re-initialize it: if the user configured a screen lock, the plugin will initialize successfully. If not, the error callback will be called again (back to square one).

Also note that the secure storage plugin requires Android 4.4 or higher: on Android 4.3 or lower, the plugin will always fail to initialize, regardless of your lock screen settings.

+7
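The flow described in the answer above (initialize, prompt on the error callback, call secureDevice(), re-initialize on resume), as an added example that is not part of the original answer or the plugin's own code. It assumes the plugin's `cordova.plugins.SecureStorage` constructor and `secureDevice()`, plus `navigator.notification.confirm` from cordova-plugin-dialogs; `createSecureStore`, its `deps` object and the `'my_app'` namespace are hypothetical names, and the dependencies are injected so the logic can be exercised off-device.

```javascript
// Added example, not from the original answer. createSecureStore, its deps
// object and the 'my_app' namespace are hypothetical names.
function createSecureStore(deps) {
  var ss = null;
  var state = 'idle'; // idle | initializing | ready | blocked

  function init() {
    // Nothing to do if the plugin is already up or an attempt is in flight.
    if (state === 'ready' || state === 'initializing') return;
    state = 'initializing';
    ss = new deps.SecureStorage(
      function () { state = 'ready'; },
      function () {
        // Error callback: on Android, no secure lock screen is configured.
        state = 'blocked';
        deps.confirm(
          'Your device does not have a secure lock screen. Without this, ' +
          'you cannot save your login. Do you want to set one up now?',
          function (buttonIndex) {
            // Index 1 is the first label ("Yes"); anything else is a refusal.
            if (buttonIndex === 1) {
              ss.secureDevice(function () {}, function () {});
            }
          },
          'Screen lock required',
          ['Yes', 'No']
        );
      },
      'my_app'
    );
  }

  // The lock screen setup runs in another activity; retry when we resume.
  deps.onResume(init);
  init();

  return {
    isReady: function () { return state === 'ready'; },
    // Hand out the plugin instance only after a successful initialization.
    storage: function () { return state === 'ready' ? ss : null; }
  };
}

// Wiring on a device, after 'deviceready':
// createSecureStore({
//   SecureStorage: cordova.plugins.SecureStorage,
//   confirm: function (m, cb, t, b) { navigator.notification.confirm(m, cb, t, b); },
//   onResume: function (fn) { document.addEventListener('resume', fn, false); }
// });
```

Code that needs the store should check `isReady()` first and fall back to not persisting the secret at all, rather than writing it to plain Storage, when the user declines to set a lock screen.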