Secure Storage 2.5.0 has objectives of making it more secure on Android and making the secure storage accessible with a configurable access level in iOS. It comes with two major features. The features are breaking changes with provision for backward compatibility.
The new version provides an additional mechanism to store data in the AndroidKeyStore. AndroidKeyStore provides the ability to protect data using hardware when possible. Only the application that created the data can access it. This provides an extra layer of security to protect the secret data from being hacked and used by other apps. The data is stored using the best available cryptographic technique available for the phone.
This is now the default storage mechanism. It is a breaking change as the data stored by earlier versions will not be available in the new version unless it is converted explicitly.
If developers want to preserve the storage mechanism from the earlier version, it can be done by setting the storage type as follows:
// Set the type of the storage SecureStorageImplementation.StorageType = StorageTypes.PasswordProtectedFile;
If you choose to assign a custom password for the file, it can be assigned as follows:
// set your password in ProtectedFileImplementation ProtectedFileImplementation.StoragePassword = "YourPassword";
In 2.5.0, the KeyChainAccessLevel is set to AfterFirstUnlock as default. This will enable apps to update data from the background process such as push notification. You can customize this level to your choice. This level is not compatible with the level from 2.0. So any data that is stored using the previous version, will not be accessible. To maintain backward compatibility, add a line to AppDelegate as follows:
// set DefaultAccessible as follows SecureStorageImplementation.DefaultAccessible = Security.SecAccessible.Invalid;
Thanks for using Secure Storage Plugin. You can find the plugin and API documentation here: