Is React Native's Async Storage secure?

Question

I want to store sensitive data locally in a React Native app.

Is the data only available to the app that wrote it?

Answer 1

I have created a secure storage module for redux-persist that uses react-native-keychain to store an encryption key and uses CryptoJS to encrypt the redux-store at rest in AsyncStorage. You can find the module at:

redux-persist-encrypted-async-storage

Its usage is discussed in the readme at the link.

Answer 2

I've faced the same problem on a project I was working on, we were using a custom wrapper for AsyncStorage, stored some amount of data and then we tried to retrieve the same data... and it was so easy.

We get over that problem by using Realm with the encryption option and it was a easier, faster and better solution than AsyncStorage.