1 possible answer(s) on “Is it okay to store credentials in async storage ?

  1. Hey,

    For Android, we store data using SQLite, which stores a DB file on your device (normally /data/data/<your.package.name>/databases/db_name.db.). Async Storage do not provide any encryption/decryption tools, so anything stored in DB is in plain text. When it comes to sensitive data, I’d avoid storing anything (maybe unless you already hashed values).

    Access Tokens (JWT for example), should usually be short-lived for security? It’s perfectly fine to store those in DB, as they have expiration date.