Which is the best way to store user token react-native-keychain or android AccountManager?

Question

I'm developing react native application and I have doubts about some security. what is the best way to store user auth token react-native-keychain or account manager?

react-native-keychain

Answer 1

react-native-keychain is best way that provides keychain/keystore access for React Native applications. It allows you to securely store and retrieve sensitive information such as passwords, internet credentials, and tokens using native encryption mechanisms provided by iOS and Android.

This library supports various security features such as biometric authentication (Face ID, Touch ID, Fingerprint), secure storage levels, as well as customizable options for accessing and storing data.

Answer 2

According to me Asyncstorage is safe place to store token because your storage file is created in internal storage inside your application package name folder and internally AsyncStorage uses sharedPreference with private context So no other application can access your application's storage file until and unless the phone is not rooted and not jailbreaked. However, User have physical access to the device so he/she can extract files by connecting the phone to the laptop and see document directory so for that what you can do is encrypt your sensitive data.

react-native-keychain is good to handle your use-case. It uses facebook-conceal encryption algorithm internally.

Happy Coding :)

Answer 3

There is another package react-native-sensitive-info,which has the same easy api with localstorage.