Where this plugin store the data in the phone storage?

[DhavalRKansara]

Hi, I have gone through this plugin and also I have used the localstorage for my application to store the sensitive data. You have just mentioned the Simple JSON file-based storage for flutter in the readme file. I have some doubts and I suggest you update your readme file with the answer to the below questions.

1. Can you please add some more information that where this plugin store the data inside the phone(Android and iOS)?
2. The stored data for the application is accessible for the user or not?
3. Are you using any encryption algorithm to store the data?

[fabianMendez]

Hi there

I think you should use the flutter secure storage plugin if you need to store sensitive data

[DhavalRKansara]

Hi there

I think you should use the flutter secure storage plugin if you need to store sensitive data

I know how secure storage work it store data in keychain and keystore and I am also storing some sensitive data for app into it such as token, PIN etc...

But is it okay to store json data which consume 30 to 40mb of memory in secure storage?

[fabianMendez]

I think it is fine because the plugin does not save the data inside the keystore but instead the keys used to encrypt/decrypt that data or at least that's what the readme says it does on Android.

Also, according to this issue, there does not seem to be any limit in the size of the data

[DhavalRKansara]

@fabianMendez Okay That is once a solution to store the data using flutter_secure_storage but still I want to know the information which I have mentioned above. because this is good for my use case when directly I can store JSON and retrieve it. Do you have any idea from above 3 points which I have mentioned n the problem?

1. Can you please add some more information where this plugin store the data inside the phone(Android and iOS)?
2. The stored data for the application is accessible for the user or not?
3. Are you using any encryption algorithm to store the data?

[fabianMendez]

Alright, answering your questions:

1. For Android and iOS, this plugin saves the data inside the directory returned by the getApplicationDocumentsDirectory method of path_provider, the file's name is the name you gave to the storage, for instance, in this case the file would be called example.json:

final storage = new LocalStorage('example.json`);

In Android this file would end up in this path:

/data/data/your.app.package/app_flutter/example.json

2. This should not be possible unless the device is rooted/jailbroken

If you try to cat the above path without root, you will get a "Permission denied" error:

generic_x86_64:/ $ cat /data/data/your.app.package/app_flutter/example.json
cat: /data/data/your.app.package/app_flutter/example.json: Permission denied

3. No, the data is stored in plain text

If you cat the above path with root you will see it's content:

generic_x86_64:/ $ su
generic_x86_64:/ # cat /data/data/your.app.package/app_flutter/example.json
{"hello":"world"}

[DhavalRKansara]

Thanks for the answer @fabianMendez.

[DhavalRKansara]

@lesnitsky @fabianMendez anwer is correct?

[lesnitsky]

@DhavalRKansara yes
check out https://github.com/flutter/plugins/tree/master/packages/path_provider/path_provider for more info (local_storage uses getApplicationDocumentsDirectory from path_provider)