React Native - Sensitive Data

-

We are building a mobile application using React-Native and need to embedd some sensitive data such as client secret keys/passwords into the mobile application itself.

What is the standard practice on this in terms of security (hardest to reverse-engineer)? Should the data be at native code level as constants, resource files or react native javascript files?

Thanks.

you could use a library like react-native-keychain, which uses the native keychain libraries on iOS and Android

Old question but really, the answer is obvious and I'm very surprised by the other answers you've got.

...need to embedd some sensitive data such as client secret keys/passwords into the mobile application itself.

NO. You do not need to do this. This is poor design on so many levels, not only security wise because you are giving away your secrets. What happens when your client secret is leaked and you need to quickly replace it. Do you want to call all your users and ask them to please upgrade?

If you need to call third party services then really you need to make a proxy service that authenticates the user based on their credentials and then fetches the information with whatever client authentication you have.

This is not different from any other client -> server architecture. Anything that is on the client you can assume WILL be reverse engineered. It is not even very hard to do.

Comments

Post a Comment

Popular posts from this blog

Meaning of `{}` for return expression

-
15 1 I found by accident that the following compiles: #include <string> #include <iostream> class A{ int i{}; std::string s{}; public: A(int _i, const std::string& _s) : i(_i), s(_s) { puts("Called A(int, const std::string)"); } }; A foo(int k, const char* cstr){ return {k, cstr}; // (*) } int main(){ auto a = foo(10, "Hi!"); return 0; } The line of interest is (*). I guess the function foo is equivalent to: A foo(int k, const char* str){ return A(k, cstr); } However, is there a special name for this mechanism in (*)? Or is it just the simple fact that the compiler knows which constructor to call due to the return type? ...
Read more

Get current scroll position of ScrollView in React Native

-
Is it possible to get the current scroll position, or the current page of a <ScrollView> component in React Native? So something like: <ScrollView horizontal={true} pagingEnabled={true} onScrollAnimationEnd={() => { // get this scrollview's current page or x/y scroll position }}> this.state.data.map(function(e, i) { <ImageCt key={i}></ImageCt> }) </ScrollView> Try. <ScrollView onScroll={this.handleScroll} /> And then: handleScroll: function(event: Object) { console.log(event.nativeEvent.contentOffset.y); }, Disclaimer: what follows is primarily the result of my own experimentation in React Native 0.50. The ScrollView documentation is currently missing a lot of the information covered below; for instance onScrollEndDrag is completely undocumented. Since everything here relies upon undocumented behaviour, I can unfortunately make no promises that this information will remain correct a ...
Read more

React Native - Image Cache

-
I read the document about the React Native image component in this site and got some questions: https://facebook.github.io/react-native/docs/image.html If I use the source property to display image. Will the image be cached and save to disk after download? If yes, what is the cache policy? If I want to save the downloaded image to disk. Is it better to use getSize or prefetch method to do it? Many thanks. React native image component NSURLRequest's cache policy as described here. Personally I use RNFetchBlob to cache images as described here. You can also checkout this component. You may be interested in my higher order component module that adds performance related image caching and "permanent cache" functionality to the native <Image> component. React Native Image Cache HOC Tl;DR Code Example: import imageCacheHoc from 'react-native-image-cache-hoc'; const CacheableImage = imageCacheHoc(Image); export default class App ex...
Read more