Async Storage is a community-maintained module for React Native that provides an asynchronous, unencrypted, key-value store. Async Storage is not shared between apps: every app has its own sandbox environment and has no access to data from other apps.
|DO USE ASYNC STORAGE WHEN…||DON’T USE ASYNC STORAGE FOR…|
|Persisting non-sensitive data across app runs||Token storage|
|Persisting Redux state||Secrets|
|Persisting GraphQL state|
|Storing global app-wide variables|
React Native does not come bundled with any way of storing sensitive data. However, there are pre-existing solutions for Android and iOS platforms.
iOS – Keychain Services#
Keychain Services allows you to securely store small chunks of sensitive info for the user. This is an ideal place to store certificates, tokens, passwords, and any other sensitive information that doesn’t belong in Async Storage.
Android – Secure Shared Preferences#
Shared Preferences is the Android equivalent for a persistent key-value data store. Data in Shared Preferences is not encrypted by default, but Encrypted Shared Preferences wraps the Shared Preferences class for Android, and automatically encrypts keys and values.
Android – Keystore#
The Android Keystore system lets you store cryptographic keys in a container to make it more difficult to extract from the device.
In order to use iOS Keychain services or Android Secure Shared Preferences, you can either write a bridge yourself or use a library which wraps them for you and provides a unified API at your own risk. Some libraries to consider:
- react-native-encrypted-storage – uses Keychain on iOS and EncryptedSharedPreferences on Android.
- react-native-sensitive-info – secure for iOS, but uses Android Shared Preferences for Android (which is not secure by default). There is however a branch that uses Android Keystore.
- redux-persist-sensitive-storage – wraps react-native-sensitive-info for Redux.