I am not sure that the ionic's local storage for android/iOS is secure or not?


#1

Login data such as password is secured or not.


#2

They are not, it’s to be assumed that anything stored on the device is not secure, if you want to let a user stay logged in, you store the token or an authentication string that changes each time they log in but never store their password on their phone.

If you google “How to see iOS app local storage” on google there are hundreds of ways and guides of how to do it and just like how you can google that, so can any one else.


#3

Thanks for the answer. Specifically, what I want to do is build a tutor room app on top of the university system that uses the university’s authentication sub-system with a user name and a password. My app will use the user name and password that the student will enter and then check the authentication by using the university’s authentication sub-system and then store the user name and password to keep the student logged in. So, I am not sure if I store the user name and password for the student in the local storage is a secure strategy or not. What I heard that the ionic’s local storage is secured in iOS but I am not sure about android.


#4

iOS and Android are both not secure.

What you my have heard however is with iOS you can use NSUserDefaults which is a settings class, now there’s still a catch. The NSUserDefaults is more permanent however anyone that googles how to access the properties can still read them.

Does the universities authentication return a token? You have to have something to tell the server that they are authenticated to make calls to the API right? You want to save the token or authorization string that the server sends you and then just make a call with that to test if they are still authenticated.