what do you all think about save tokens in ios userdefaults

Question

what do you all think about save tokens in ios userdefaults i saw a lot of devs yelling about how it s unsafe but it s like sharedprefs on android i know it s not encrypted but you need access to devices filesystem to read it correct me if i am wrong you need to hack the device or stole the device to have access to it and after that you need to understand what it is and how to use

Mejdi · Answer

good question thinking loudly imagine if a hacker can access on his phone that token and use it maliciously using certain scripts especially if that is a long lived token how bad would that be

Vitor Prado · Answer

it s bad i know but sometimes apple devs looks like a security freaks we store tokens in android prefs since ever access device storage is a hard task for hackers and apple devices has encrypted filesystem looks like a overconcern about security tokens isn t passwords you can expire them and it s ok

Stephen Gazzard · Answer

I guess my counter question is sharing in the Keychain is so simple these days with pods like KeychainAccess what are you saving by not doing that An hour development time tops

Vitor Prado · Answer

the point is why in android we dont have this concern about where to save tokens and in ios we are overconcern about where to save it

Vitor Prado · Answer

I m running into this cause i wrote keystores for multiplatform and userdefaults looks ok to put all my values

Mejdi · Answer

I am sure it is a concern on Android for bank apps for example I can t really recall the specifics but I am sure there is a secure solution on Android as well

Mejdi · Answer

< Vitor Prado> I asked the question so that we reflect it is really a need in your case

Mejdi · Answer

if it is not I think it is safe to proceed with userdefaults

darkmoon_uk · Answer

All security is about having good enough security so it depends on the Application Is this a banking App or a grocery list App Who is going to be motivated hard enough to break your App and to what end Some people who have a security focus will naturally lean towards applying it more but I believe it can be over done Priorities Usually an App can be hardened after it s matured and used enough to make it an interesting target

José González Gómez · Answer

gt what do you all think about save tokens in ios userdefaults Don t Just use the keychain

José González Gómez · Answer

gt I can t really recall the specifics but I am sure there is a secure solution on Android as well AFAIK <https developer android com training articles keystore>

José González Gómez · Answer

gt userdefaults looks ok to put all my values UserDefaults is intended to store key value pairs usually related with user preferences but it is not intended to store sensitive information

louiscad · Answer

I think a PC or Mac can read and possibly edit content saved into NSUserDefaults unlike for Android

Diogo Ribeiro · Answer

You cab have a secured shared preference these days No need to save on the old one Security should be always the priority You did good asking yourself this question tada