Save sensitive data in React Native

Question

I am building a React Native application and I need to save some sensitive data like a token and a refresh token. The obvious solution is to save that information using Asyn

Answer 1

AsyncStorage saves key-value pairs as a plaintext JSON file in the Documents directory. It does not encrypt its contents.

This is a security issue (at least on iOS) because it's possible for an attacker with access to the device to obtain a dump of the contents of the sandbox and trivially extract any data saved through AsyncStorage.

This used to not be clearly stated in the docs for AsyncStorage.js, but it is now: https://github.com/facebook/react-native/pull/8809

Also see: https://stackoverflow.com/a/38398114/1072846