I’m new to the ionic framework and have some basics of it and currently I’m developing a private app for my family only that store some sensitive information in the localstorage. I used some crypto libraries to encrypt the whole data to prevent anyone reading it directly.
The app does not call any external API, links to any external network and website, and it does not connect to any server host since it is just for our own use only.
The question is, is there any vulnerability for anyone to attack my private app and get the data from localstorage?
I’ve read some article saying that localstorage is either attack by physically getting the device or by XSS.
Do you require external user input in order to decrypt the data, such as a passphrase? If not, then don’t even bother with encryption. I think native storage sounds like the best fit for your use case.
So if everything is done internally within the app, it is safe to say that it is highly impossible to retrieve localstorage data from unauthorized user?
I guess that depends on how you define “unauthorized user”. If you mean me, sitting over here, yes. If you mean that guy who just noticed your phone was unlocked and grabbed it off the desk, no.
Regardless, don’t use localStorage for anything. Ionic Storage, maybe. Native Storage, maybe. localStorage is, as they say in poker theory, a dominated choice. Whatever you want to do, there is a better option.
Thx for clarifying it to me! still new to the field try to develop some app for personal use only