Skip to content

Preventing Session Copy On Rooted Devices By Encrypting Current Session Files #1192

New issue
New issue
Open
Open
Preventing Session Copy On Rooted Devices By Encrypting Current Session Files#1192
Labels
type:featureNew feature or improvement of existing feature
@ghost

Description

@ghost
ghost
opened on Mar 17, 2023

New Feature / Enhancement Checklist

  • I am not disclosing a vulnerability.
    I am not just asking a question.
    I have searched through existing issues.

Current Limitation

Currently the SDK saved cached user session as clear text files.

Feature / Enhancement Description

Encrypting cached user sessions using Jetpack security features to prevent session copy on rooted devices.

Alternatives / Workarounds

No workarounds at the moment.

3rd Party References

I found this gist which provides a good way for testing encryption methods on Robolectric.

Activity

parse-github-assistant

parse-github-assistant commented on Mar 17, 2023

@parse-github-assistant
parse-github-assistantbot
on Mar 17, 2023

Thanks for opening this issue!

  • 🎉 We are excited about your ideas for improvement!
ghost mentioned this on Mar 17, 2023
mtrezza
added
type:featureNew feature or improvement of existing feature
on Mar 18, 2023
rommansabbir
mentioned this on Aug 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    type:featureNew feature or improvement of existing feature

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      Participants

      @mtrezza

      Issue actions
        Preventing Session Copy On Rooted Devices By Encrypting Current Session Files · Issue #1192 · parse-community/Parse-SDK-Android