Many apps need to store sensitive data such as password, credit card numbers, session token etc. This data should not be stored in clear text. Text files and settings store information in plain text. So they are not an option for storing sensitive data.
Each mobile platform has its own mechanism to store sensitive information. This plugin provides a simple API abstracted over iOS, Android and Windows platforms (Phone, Store and UWP). The API is similar to key value storage.
The underlying implementation on each platform takes care of securing the data and storing it. On iOS platform, it is stored using KeyChain. On Android, it uses password protected KeyStore. Windows platform stores it using Data Protection mechanism. However the nitty-gritties of each platform are encapsulated under the hood, keeping the API simple.
The plugin has no dependencies on any package (including Xamarin.Forms, MVVMCross). It can be used by any Xamarin or Windows app. It is open source.
Here are the examples of how to use it:
To store a value:
To retrieve a value:
var sessionToken = CrossSecureStorage.Current.GetValue (“SessionToken”);
To delete a value:
To check, if a key exists:
var exists = CrossSecureStorage.Current.HasKey (“SessionToken”);
In Android apps, it is required that the password is set by the application prior to use.
SecureStorageImplementation.StoragePassword = "Your Password";
In Windows apps, it is required that the password is set by the application prior to use.
WinSecureStorageBase.StoragePassword = "Your Password";
Two sample apps (one for Xamarin and another for Windows) are provided on the GitHub for your reference.