Where to store sensitive data inside flutter?

security flutter storing-data
1,979

I'd suggest your first choice flutter_secure_storage which I already use to store token. Its perfect choice for the use case.

A Flutter plugin to store data in secure storage:

  • Keychain is used for iOS

  • AES encryption is used for Android. AES secret key is encrypted with RSA and RSA key is stored in KeyStore

Share:
1,979
ihsancemil
Author by

ihsancemil

Updated on December 14, 2022

Comments

  • ihsancemil
    ihsancemil over 1 year

    I'm building the authentication with openid-oauth2. I managed to gather access_token, identity_token from auth server. I want to store those values and use those values in each api call. I have several options as I searched.

    • I can use secure storage package which can hash the access_token and I can read that value to perform api call.

    • I can use Inherited Widget. Create a inherited widget on top of my application and read from the inherited widget.

    • I can use Singleton. Simply create a class which will act as singleton class and store my access_token inside that class.
    • I can use Shared preferances.

    Of course the 2., 3. and 4. options are not secure. However, I don't know whether store those values securely is necessary.

    What is the best practice in flutter to store those values?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to manage OAuth flow in mobile application with server
Are compile-time variables secure in flutter?
Why is it bad practice to use an FCM Server Key on a Flutter/Android client?
How to protect Flutter app from reverse engineering
GDPR and personal data
Securely Saving API Keys In Android (flutter) Apps
How can I prevent backup for user data in flutter for iOS app?
Flutter/Dart security scans
How to hide API Keys in AndroidManifest.xml
Rollbar logging api key