Building secure applications is a challenge you might face while developing Monaca applications. Important data, such as payment information or personal files, are potentially dangerous if they fall into the wrong hands. Today, we are introducing 3 ways to ensure the security of your applications’ data.
- Using KeychainPlugin
- Using Server-Side
- Using Secure Storage
KeychainPlugin provides native iOS secure storage for your data. The downside of this is that this option is limited to iOS applications.
First, install KeychainPlugin in Monaca. (require Gold Plan with Monaca)
After the installation finishes, fill out necessary configurations in both iOS App Setting and Build Setting. The build has to be done as an iOS application instead of using Monaca Debugger. Note that you will be asked to provide your Developer Certificate in the Build Setting.
Also, provisioning registration is required when you build your application so create your provisioning profile in advance.
Below you can find the snapshots of a demo application with KeychainPlugin.
Successfully stored data using Keychain.
If the key does not exist, null is returned. If the key does exist, the data can be retrieved.
Now we can store important data, such as user tokens or user IDs, securely with the KeychainPlugin.
Another way is to return the data that are stored on the server side to the application. In this case, you will use authentication (such as OAuth2) to establish a connection to the server side. Once the connection is established, the server side can return the required data to the application. One advantage is that, even if some problem happens, you only need to handle the server-side (e.g. refreshing tokens). As a trade off, this method requires an Internet connection during the process.
Using Secure Storage
Monaca Enterprise plan offers Secure Storage. Secure storage can provide reliable data access data for you applications. It is provided by encrypting saved data on devices, preventing information leaks in the case of theft or loss.
Ensuring data security involves numerous steps and it’s difficult. We could have stored user’s log every time they open the app, but it’s certainly a disadvantage for the user experience. We should always keep in mind the importance of the data we are handling and apply proper security options for those data.