I'm about to start working on a expense tracker app for mobile and I would like to use React Native with Expo (pretty new to mobile techs). Maybe I will share it with some friends or other people and the question that cames up is where to store their data (in this case is sensitive as they will register their money's movement).
What I mean is, I could use any cloud DB (Mongo, Firestore, etc) but I will have access to everything they register there and I wouldn't like that, just for security and their privacy sake.
So, is there a way to store their data or everything they register locally in their phones? So the app can only access to the data that is stored there and I can't see it. Or any other possibility?
I found the AsyncStorage API but I don't know if this is the correct approach for what I'm looking for. I didn't code anything yet as I don't know which would be the right path.
You can use Secure Store since you're using expo.
expo-secure-store provides a way to encrypt and securely store key–value pairs locally on the device. Each Expo project has a separate storage system and has no access to the storage of other Expo projects.
See https://docs.expo.dev/versions/latest/sdk/securestore/
I had a similar case and i went for realm.js .
Related
I am new to react-native and currently aiming to make a simple ios application using react-native.
The developing application basically stores pre-installed 100 types of text files and other 100 types of text data that users can personally add after installation.
My question is that should 'react-native-SQLite-storage' be used to store data on a user's mobile app?
I have done some research and figured out two ways to store data, one is to use Async Storage, another one is to use react-native-SQLite-storage, and still confusing the difference between those ways.
I appreciate some ideas from people who have been developed react native app before.
Thanks.
I'm stuck for making my react native app offline for storing the images.
what is the best way to use, shall i go with AsyncStorage, Real m, CouchDB or WatermelonDB.
Actually i am new to React Native, so i want to use the best solution.
Please help me.
Thanks in advance.
By the common ways. There are no databases actually store media. They actually save media files in physic / cloud servers and store only access url in database.
So, to achieve your technical goal. You can use react-native-fs to interact with your media files. And save their url into your database like Realm, PouchDB, AsyncStorage.
I think AsyncStorage is simple to setup and suitable for save media url.
I'm developing an Expo app which stores large amounts of users private data, currently only within the app. In order to allow the user to migrate their app data between devices, we need to store this in iCloud.
I'm currently unable to find documentation or article that explains how to do this.
Is it not currently possible for Expo to save data via the iCloud API?
there are some ways to save the data in the iCloud, one way you write ios native module
for iCloud API, then use it in the js. the detailed guide you can see here.
the other way is to search the third library which is used for react-native.for example:react-native-icloudstore. but it is old.
besides them, you can use CloudKit JS. use it in the native app webView.
you can go to the official site to learn it
In the end, if you can write native ios code, I suggest you use the first way. if you can not write it, you can search ios native relate library, then make your own
native module for ios
I have been using Firebase Web SDK for my react-native app (I am using FIRESTORE to store the data). Up to this point, I have had no problems. It all works smoothly. But now I want to add some kind of offline storage mechanism to my app so that I could still offer some functionality or display some content that was cached from the last connected session even if my users are offline. After some investigation, I have the impression that react-native-firebase is the preferred way to go. Now I have some questions and I like to get some advice from the experienced.
Is react-native-firebase the only option to go? I have quickly read about AsyncStorage and it is just a key-value storage. Considering the simplest thing I want to do is page through a list of firestore documents, this kind of storage seems not to be suitable to do this offline. Like If I wanted to do this with AsyncStorage I would have to put all the content (maybe hundreds of documents) I get from the firestore backend, persist them as a single string value, fetch them back, parse them, page them etc. And write custom logic& methods for all these.
If I was to use react-native-firebase, just enabling the offline storage -I assume- takes care of this for you and you don't have to write any custom logic for offline storage usage. I assume the data that has persisted for offline usage has the same structure as it does in firestore database. I feel like If I use anything other than react-native-firebase, I would have to handle all the custom logic for persisting, reading and rendering the data offline myself. Is that right?
The biggest concern I have is the amount of code refactoring that might be required. I have many lines of code and so many .get().then() like lines where I get and render the data from firestore. In the documentation of react-native-firebase it says:
...aims to mirror the official Firebase Web SDK as closely as
possible.
I am not sure to what extent this is true. I have checked the react-native-firebase's firestore module's reference documentation but I just can't tell how many of these querying methods are actually supported.
So, the way to go is react-native-firebase's way? Would it take a heavy toll on me trying to refactor the existing code? Any similar experience do you have?
I would appreciate any help.
Thanks a lot...
Maintainer of the react-native-firebase library here.
...aims to mirror the official Firebase Web SDK as closely as possible.
This is a minor disclaimer as there are some differences between the two, mainly down to how certain things have to be implemented with React Native.
For example, enablePersistence does not exist on RNFB. Instead, persistence is enabled by default and can be toggled off (or on) via settings().
Is react-native-firebase the only option to go? I have quickly read about AsyncStorage and it is just a key-value storage. Considering the simplest thing I want to do is page through a list of firestore documents, this kind of storage seems not to be suitable to do this offline. Like If I wanted to do this with AsyncStorage I would have to put all the content (maybe hundreds of documents) I get from the firestore backend, persist them as a single string value, fetch them back, parse them, page them etc. And write custom logic& methods for all these.
This is technically possible, however there are downsides to this as you have mentioned. With Firestore, when the device goes offline (quite common on apps) and you attempt a read/write it'll read/update your local cache, which will still trigger event listeners. When the app goes back online, it'll automatically re-sync with the server for you.
If I was to use react-native-firebase, just enabling the offline storage -I assume- takes care of this for you and you don't have to write any custom logic for offline storage usage. I assume the data that has persisted for offline usage has the same structure as it does in firestore database. I feel like If I use anything other than react-native-firebase, I would have to handle all the custom logic for persisting, reading and rendering the data offline myself. Is that right?
This is all handled for you. We wrap around the native Firebase SDKs so expect the same level of consistency if you were developing a native Android/iOS app if not using React Native.
The biggest concern I have is the amount of code refactoring that might be required. I have many lines of code and so many .get().then() like lines where I get and render the data from firestore.
Generally everything is the same apart from a few minor methods for reasons mentioned above.
So, the way to go is react-native-firebase's way? Would it take a heavy toll on me trying to refactor the existing code? Any similar experience do you have? I would appreciate any help.
I'd recommend anyone developing with React Native & Firebase to use RNFB. It provides a lot of extra functionality the Web SDK cannot provide with React Native. Apart from a more cumbersome setup & changing imports, it should work very much the same.
I want to store sensitive data locally in a React Native app.
Is the data only available to the app that wrote it?
AsyncStorage is not suitable for storing sensitive information. You might find this useful: https://github.com/oblador/react-native-keychain
It uses facebook conceal/android keystore to store encrypted data to SharedPreferences (Android) and keychain on iOS. (I co-authored the lib). Be sure to read the entire readme to understand what it offers.
No , it is not secure since it is not encrypted .I would recommend that you use Expo`s secureStore
If you`re building your app from Expo :
// in managed apps:
import { SecureStore } from 'expo';
If you`re building as a bare app
// in bare apps:
import * as SecureStore from 'expo-secure-store';
Read more here : https://docs.expo.io/versions/v32.0.0/sdk/securestore/
No, AsyncStorage is not secure for sensitive data. AsyncStorage simply saves data to documents on the phone's hard drive, and therefore anyone with access to the phone's file system can read that data. Of course, whether or not this is problematic for you depends on what you mean by "senstive data."
At least on iOS, it is true that the data is only available to the app that wrote it, because of Apple's sandboxing policy. This doesn't stop jailbroken iPhones with root access to the file system from getting whatever they want, since AsyncStorage does not encrypt any of its data. But in general, don't save sensitive data to AsyncStorage, for the same reason you shouldn't hard code sensitive data in your javascript code, since it can be easily decompiled and read.
For very sensitive app or user data, you could try something like https://github.com/oblador/react-native-keychain on iOS(uses iOS Keychain) or https://github.com/classapp/react-native-sensitive-info for both Android and iOS(uses Android Shared Preference and iOS Keychain).
Both of them come with very fluent API and straightforward way of linking with react-native link and are a more secure way of preserving data you want to keep away from prying eyes.
I've faced the same problem on a project I was working on, we were using a custom wrapper for AsyncStorage, stored some amount of data and then we tried to retrieve the same data... and it was so easy.
We get over that problem by using Realm with the encryption option and it was a easier, faster and better solution than AsyncStorage.
No it is not secure. Consider using library like https://github.com/oblador/react-native-keychain for secure storage.
If you're using Expo you can use Expo.SecureStore to encrypt and securely store key–value pairs locally on the device. Documentation: https://docs.expo.io/versions/latest/sdk/securestore
I have created a secure storage module for redux-persist that uses react-native-keychain to store an encryption key and uses CryptoJS to encrypt the redux-store at rest in AsyncStorage. You can find the module at:
redux-persist-encrypted-async-storage
Its usage is discussed in the readme at the link.
From react-native doc - https://facebook.github.io/react-native/docs/asyncstorage.html
AsyncStorage is a simple, unencrypted, asynchronous, persistent, key-value storage system that is global to the app.
Its not secure as it stores key-value pairs in unencrypted form on device.
Checkcout - https://www.npmjs.com/package/react-native-secure-key-store.
It used keychain for iOS and KeyStore for Android for storing data securely.
If you are still searching for this one.
try using react-native-encrypted-storage they have some encryption.
react-native-encrypted-storage
its so simple as async storage