How secure is the ionic storage?


#1

For example…I write things on the @ionic/store without encryption. A json data.

I understand that others apps can’t read my data…ok, fine…bit is there some how to someone attach the mobile using a usb cable and read the data with some how ?

tyvm !


#2

the topic you’re looking for is call app sandboxing.


#3

Hi

Your data is unsecure in storage

You can use a cordova plugin (no experience with that) or use encrypt/decrypt routines prior to storing (on a stringified json object). Use for instance the user’s password as key to encrypt and decrypt

Regards

Tom


#4

Hi

and here sample code for a provider that could do the trick for you using Ionic Storage. You need to npm i CryptoJS --save before using it. And assure your module is configured properly (Storage and this provider).

import { Injectable } from '@angular/core';
import { Storage } from '@ionic/storage';

import CryptoJS from 'crypto-js';


@Injectable()
export class SecureStorageProvider {

    secret: string = "";
    localData: Object = {};
    storekey: string = "secretdata";

    constructor(
        private storage: Storage
    ) { }

    initStorage(secret) {
         this.secret = secret;
        return this.storage.ready()
            .then(() =>
                return this.storage.get(this.storekey)
                    .then(data => {
                         this.localData={};
                         if (data != null) {
                            this.localData = this.decrypt(data, this.secret);
                            return true
                        } else return false
                    }))
    }

    encrypt(data, key) {
        return CryptoJS.AES.encrypt(JSON.stringify(data), key).toString();
    }

    decrypt(data, key) {
        let bytes = CryptoJS.AES.decrypt(data, key);
        return JSON.parse(bytes.toString(CryptoJS.enc.Utf8));
    }

    setOnly(key, data) {
        this.localData[key] = data;
        return Promise.resolve(true);
    }

    getLocalData(key) {
        if (this.localData[key])
            return Promise.resolve(this.localData[key])
        else return Promise.resolve(null);
    }

    changeSecret(newsecret) {
        this.secret = newsecret;
        return this.storage.ready()
            .then(() => {
                return this.storage.set(this.storekey,
                    this.encrypt(this.localData ? this.localData : '', this.secret));
            })
    }

    set(key, data) {
        this.setOnly(key, data);

        return this.storage.ready()
            .then(() => {
                return this.storage.set(this.storekey,
                    this.encrypt(this.localData ? this.localData : '', this.secret));
            })
    }
}

Regards

Tom


#5

Thanx Tom !! You gave me a very good help ! This is much better than use the bugged, hard and native SecureStorage !


#6

No problem
Btw, the code is messy and a bit buggy, but you can get the direction I am thinking of

I will check the code later when I am at my pc

Tom


#7

I know, toooo late to the party but why do you say that Secure Storage is buggy?