Access `Titanium.App.Properties` in native app - titanium

TLDR: Is there is any native way to access the Titanium.App.Properties for both Android and iOS?
I am working on a project where the original app was made with Titanium, and the new updated version is built with Xamarin.
The original developers thought it would be smart to save a Device Token in the Titanium.App.Properties that would be used to access all the users history and purchases.
The device token is not stored anywhere else, so the only way to get to it is through Titanium.App.Properties.
I have the key they used to store the token. So my question is, is there is any native way to access the Titanium.App.Properties for both Android and iOS?
From this doc there is a paragraph:
"Both iOS and Android store app properties in special files on the filesystem. Natively, iOS properties are known as NSUserDefaults, which are stored in .plist files in the application's library directory. Android stores them in standard xml text files at /data/data/com.domainname.appname/shared_prefs/titanium.xml. Titanium provides a uniform means to set and get app properties via the Titanium.App.Properties API."
From this SO question it sounds like a module needs to be used:
"Other iOS applications cannot access these properties and native Android modules must use the Titanium module API TiApplication.getAppProperties method to access these properties."

For Android the Titanium properties are stored in the shared preferences with the path titanium.
ISharedPreferences TitaniumSharedPreferences = CrossCurrentActivity.Current.Activity.GetSharedPreferences("titanium", Android.Content.FileCreationMode.Private);
Then simply use the shared preference to get any property you need.
var userToken = TitaniumSharedPreferences.GetString("UserToken", string.Empty);
For iOS it is simpler, it just uses the NSUserDefaults.
var userToken = NSUserDefaults.StandardUserDefaults.StringForKey("UserToken");

For Android the TiProperties.java file says:
Instantiates the private SharedPreferences collection with the given
name and context.
This means no other Android application will have
access to they keys and values.
You say you use the token to get a history. Is that coming from a server? So is the token send to the server to do the request?
On the other hand: do you own the source code of the Ti app? Create an update that will store the token in some other way.

Related

How to store local private user data with React Native app?

I'm about to start working on a expense tracker app for mobile and I would like to use React Native with Expo (pretty new to mobile techs). Maybe I will share it with some friends or other people and the question that cames up is where to store their data (in this case is sensitive as they will register their money's movement).
What I mean is, I could use any cloud DB (Mongo, Firestore, etc) but I will have access to everything they register there and I wouldn't like that, just for security and their privacy sake.
So, is there a way to store their data or everything they register locally in their phones? So the app can only access to the data that is stored there and I can't see it. Or any other possibility?
I found the AsyncStorage API but I don't know if this is the correct approach for what I'm looking for. I didn't code anything yet as I don't know which would be the right path.
You can use Secure Store since you're using expo.
expo-secure-store provides a way to encrypt and securely store key–value pairs locally on the device. Each Expo project has a separate storage system and has no access to the storage of other Expo projects.
See https://docs.expo.dev/versions/latest/sdk/securestore/
I had a similar case and i went for realm.js .

How to migrate KeyStore and Keychain key-value pairs generated by and old Cordova-based App to a new React Native based App?

The scenario is quite simple: there is an old App written using Cordova that has to be updated with a new App written from scratch using React Native.
I am not the developer and the maintainer of the App written using Cordova but I could put hands on its source code. I have to rewrite the App and to make a "silently" update, i.e. the new App must no "reset" the data stored on KeyStore (Android) and Keychain (iOS) and it must reuse these data.
When I "update" the App on my test devices I try to access the data generated by the old App using:
react-native-keychain
react-native-secure-key-store
and try to fetch the data, but with no success. The problem is the same on iOS and on Android.
Focussing for the moment on iOS, I use Xcode to build both the Apps. Firstly I build the old version of the App, generate the data and store them on Keychain. Then, I build the new App version, superseding the previous one. I have ensured that on Xcode the Bundle Identifier and the Signing Certificate is the same for both versions. But from the new version of the App I am still unable to access the Keychain. To make the litmus test: I downgrade the App re-building the old version another time, so the old app replaces the new one and in this case from the old App I am able to access the Keychain data.
I am suspecting that, even if the Bundle Identifier, the two Apps are using two different Keychain zones. So, what I have to do in order to be able to access the data stored by the old app from the new one?
The idea I that the user shouldn't be affected by the update of the App, so the Keychain (and the KeyStore) of the old app must be re-used by the new app.
Note: I see that on the old App, the function used to store data in Keychain/KeyStore is:
var ss = new cordova.plugins.SecureStorage(callback)
Note: I have already read this from Apple Developer website, but I suppose it could be not my case, because I can't set the Keychain sharing on the old App, since we are not permitted to release an update of the Cordova-base App. But, however we tried internally to use Sharing Access without success.
In iOS in particular, keychain access is not just tied to the Bundle ID and signing certificate for the app. There is a third element called the "Groups Entitlement" that is designed to allow multiple applications from the same vendor to share keychain access to the same data (imagine separate email and calendar apps sharing a user's login data). Documentation for this mechanism begins here:
https://developer.apple.com/documentation/security/keychain_services/keychain_items/sharing_access_to_keychain_items_among_a_collection_of_apps
The documentation is fairly dense, but despite being intended for multiple apps to share data this also controls an application reading its OWN data. You must ensure that your parameters match the old app precisely or you will not be able to read the old values. You didn't provide the code for the old or new apps, but as an example if the old app had stored values in the Keychain on iOS, you might use react-native-keychain and the following code to read it:
// The "access group" is the Team ID of the OLD APP followed by its full Bundle ID
const accessGroup = 'A12BC3D45.com.company.BundleId';
const accessOptions = {
accessGroup,
accessible: Keychain.ACCESSIBLE.AFTER_FIRST_UNLOCK,
};
const oldCreds = await Keychain.getGenericPassword();
console.debug('Found old credentials', oldCreds); // REMOVE AFTER DEBUGGING
react-native-keychain has several load functions and you may need to experiment with others (such as getInternetCredentials) if your old app stored things differently.

Possible for Expo/React Native to save large amounts of encrypted data to iCloud?

I'm developing an Expo app which stores large amounts of users private data, currently only within the app. In order to allow the user to migrate their app data between devices, we need to store this in iCloud.
I'm currently unable to find documentation or article that explains how to do this.
Is it not currently possible for Expo to save data via the iCloud API?
there are some ways to save the data in the iCloud, one way you write ios native module
for iCloud API, then use it in the js. the detailed guide you can see here.
the other way is to search the third library which is used for react-native.for example:react-native-icloudstore. but it is old.
besides them, you can use CloudKit JS. use it in the native app webView.
you can go to the official site to learn it
In the end, if you can write native ios code, I suggest you use the first way. if you can not write it, you can search ios native relate library, then make your own
native module for ios

Is there an iOS Native equivalent to the JavaScript client SDK getUserInfo

I would like to retrieve my UserIdentity from the server in a Native iOS app, but I see no equivalent to the JavaScript WL.Client.getUserInfo() method in the iOS SDK. Is there a way to do this in iOS?
Perhaps I am using it wrong, but userIdentity() always seems to return nil but I do see valid data in deviceIdenity().
Nonetheless, I decided to implement this in an adapter procedure. After authenticating, the app calls the adapter procedure to fetch the user's profile information before doing anything that will require that profile data.

Sharing files Between Apps on iOS Devices

Is it possible on iOS to access another app's file data? On Android, that seems possible according to following URL.
Sharing files/ installation directory between two apps
No, that is not possible.
All iOS apps are sandboxed (at least on non-jailbroken devices), and while keychain data can be shared (between Apps that share their Bundle Seed ID), doing the same for file-based data is currently not possible.
What you CAN do is pass data to other apps by exchanging them via a server or call a URL scheme that another app has registered. Apple says:
Using a URL-based syntax, you can access data from the Web, as well as
pass information to other installed applications, such as Mail,
iTunes, and YouTube. Your own application can declare a unique URL
scheme, allowing any application to collaborate and share data with
your app.
It depends on what kind of data. In fact, iOS apps may only share keychain data. From Apple's doc :
An app ID has two parts: the team ID followed by the bundle ID search
string. The team ID is a 10-character string generated by Apple. Each
development team is assigned a unique team ID used to identify all
your apps. The team ID allows you to share keychain data between apps.
Apps with the same team ID can share data, such as usernames and
passwords. A bundle ID search string is traditionally a
reverse-domain-name style string. It’s the string you use in Xcode as
the bundle ID.
I've never done this, but there must be many tutorials on how to do this.
It is not possible to access other app's data installed on any Apple device. It is restricted by apple.
Anyways you can try it on JailBreaked devices. These operations are handled by Apple Private API's. Which you cant access in regular devices.
If you get access to them/used in your application, apple will reject your application.