Comments (10)
ggozad
commented on August 30, 2024
Which android version is the device running?
from cordova-plugin-secure-storage.
AAUJoin
commented on August 30, 2024
It's running android 4.3.
from cordova-plugin-secure-storage.
ggozad
commented on August 30, 2024
Well, that's your problem. We need API 19, which is available from 4.4.
from cordova-plugin-secure-storage.
AAUJoin
commented on August 30, 2024
In that case you should consider adding the required api version in your plugin.xml
<preference name="android-minSdkVersion" default="19" />
from cordova-plugin-secure-storage.
ggozad
commented on August 30, 2024
You are right of course. We actually had it in plugin.xml. If my memory does not deceive me it caused some problems with either ionic or phonegap, which is why we removed it and added the info in the README. Once I have the time I will dig the issue and see if it is still a problem, otherwise put it back.
from cordova-plugin-secure-storage.
ggozad
commented on August 30, 2024
For reference this is the issue in question: #8
from cordova-plugin-secure-storage.
AAUJoin
commented on August 30, 2024
Is there a possibility of a graceful fallback for those devices? Can you save data unsecured in those cases and/or inform the app about not being able to save data secure with the option of letting it handle the data saving in an alternative storage?
from cordova-plugin-secure-storage.
ggozad
commented on August 30, 2024
Problem is the android part of the plugin has already become overly complex in order to support the various variants. We now support two versions of AES, one native and one done through js depending on whether we are on >21 or not. This is because there is no keychain/vault built-in.
Eventually I would like to even drop support for android < 21, but that's not going to happen very soon.
You could in principle add a third compatibility layer where public/private key encryption happens with sjcl through elliptic curves. But that would be a nightmare to manage I am afraid.
I would suggest the following:
During initialisation detect whether we are on android > 21 and fail gracefully if not. There are already checks there to see whether there is a lock pattern etc on the device which is the other way init should fail. If initialisation fails the app could decide whether to inform the user that his data will not be secure or implement some other method.
from cordova-plugin-secure-storage.
AAUJoin
commented on August 30, 2024
Thank you for your detailed answer!
from cordova-plugin-secure-storage.
ggozad
commented on August 30, 2024
A pleasure.
from cordova-plugin-secure-storage.
Related Issues (20)
- Where can I inspect the saved passwords on my iOS device? HOT 4
- Exception on Android Pie HOT 7
- Where is sjcl_ss.js? HOT 4
- Dependency on SAMKeychain HOT 3
- uncaught exception error HOT 3
- Do not rely on internal Android API for screen unlock HOT 11
- Usage of OAEP HOT 1
- Link doesn't work in readme HOT 1
- Exception on Android Pie after adding back lock screen HOT 15
- Save value of ss.get() in a variable ? HOT 1
- Android Q API 28 ERROR: No Activity found to handle Intent { act=com.android.credentials.UNLOCK } HOT 32
- iOS User interaction is not allowed HOT 1
- Data is still accessible after loging out of icloud HOT 1
- icloud
- App using unlockCredentials crash on Android Q HOT 2
- Refactor actions in static class so it can be re-used by other plugins HOT 1
- How to check whether key exist or not HOT 1
- android.content.ActivityNotFoundException HOT 2
- Capacitor support HOT 1
- Still having a problem with this. Running emulator on 12.1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cordova-plugin-secure-storage.