I am building an app where I store information from a JSON API using @ionic/angular-storage. Some of the data is somewhat sensitive (i.e. I don’t want people to steal it) and I wondered if there was a free way to encrypt/decrypt the data when saved?
I’m aware of the Ionic Secure Storage offering but the price is completely disproportionate for my requirements.
Any help or directions appreciated.
Well, you can use strong methods to encrypt.
The question is where you store the keys. These need to be stored off the device, and need to be sufficiently random.
Ideally you assume nothing is secure on the device, so it's good to minimize this.
Pronouns always confuse me, so let’s get good old Alice and Bob involved here.
You, the app author, are Alice. Bob is your user. Charlie is a random blackhat.
1. Who is the proper owner of the sensitive information?
2. If the answer to #1 is “Alice”, then are you worried Bob might get Alice’s information?
3. If the answer to #2 is “no” or “not applicable, because Bob is the answer to #1”, then can we safely only worry about Charlie?
4. Does Charlie have any physical access to Bob’s device with the app installed on it?
5. If yes to #4, can our app require that Bob have some sort of lockscreen on his device?
6. Does the sensitive information need to leave Bob’s device for any reason at any time? If so, when and why?
7. Can we always assume “one device, one user”, or can Bob share his install of the app with others?
8. If yes to #7, do we need to allow Bob and Bob’s wife Barbie to have separate sensitive data?
9. If yes to #8, are Bob and Barbie allowed to access one another’s data?
10. If no to #5, can we require Bob to enter a passphrase every time he launches our app?
You can use an encrypted SQLite database, or you can use a plugin to store encrypted values: cordova-plugin-secure-key-store.
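
The idea raised in the replies above (keep the key off the device by deriving it from a passphrase Bob enters at launch, and store only ciphertext), as an added example that is not part of the original thread. It uses the Web Crypto API available in the WebView; the function names, record layout and iteration count are assumptions.

```javascript
// Added example: encrypt values before they go into Ionic Storage.
// Web Crypto is global in browsers/WebViews; the fallback is only for older Node.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const PBKDF2_ITERATIONS = 600000; // assumption: lower only if target devices are too slow

const toB64 = (buf) =>
  btoa(Array.from(new Uint8Array(buf), (b) => String.fromCharCode(b)).join(''));
const fromB64 = (text) => Uint8Array.from(atob(text), (c) => c.charCodeAt(0));

// The salt is not secret: generate it once and store it next to the data.
function newSalt() {
  return toB64(webCrypto.getRandomValues(new Uint8Array(16)));
}

// Derive a non-extractable AES-256-GCM key once per app launch and keep it
// in memory only. Neither the passphrase nor the key is written to storage.
async function deriveKey(passphrase, saltB64) {
  const material = await webCrypto.subtle.importKey(
    'raw', new TextEncoder().encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return webCrypto.subtle.deriveKey(
    { name: 'PBKDF2', salt: fromB64(saltB64), iterations: PBKDF2_ITERATIONS, hash: 'SHA-256' },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Returns a JSON-serialisable record, e.g. for storage.set('profile', record).
async function sealValue(key, value) {
  const iv = webCrypto.getRandomValues(new Uint8Array(12)); // fresh IV per record
  const ct = await webCrypto.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(JSON.stringify(value)));
  return { v: 1, iv: toB64(iv), ct: toB64(ct) };
}

// Rejects if the passphrase was wrong or the stored record was modified,
// because the GCM authentication tag no longer verifies.
async function openValue(key, record) {
  const plain = await webCrypto.subtle.decrypt(
    { name: 'AES-GCM', iv: fromB64(record.iv) }, key, fromB64(record.ct));
  return JSON.parse(new TextDecoder().decode(plain));
}
```

This protects the stored data only as well as the passphrase resists guessing, and it does not help in the case where Bob himself is the one the data must be hidden from, since he knows the passphrase.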