Security settings
We first used the biometric_storage library, which does both things:
- Authenticates the user (using biometric storage or other means if that's not available)
- Uses the device's secure storage mechanism to get/set encrypted key/value storage

We had problems with biometric_storage: it was randomly throwing exceptions, it does not seem to be well supported, and on Windows the cpp files were always recompiled (adding to compilation times).

We then decided to use local_auth (missing on Linux) to do the first of the above and flutter_secure_storage to do the second.

There is a caveat on Linux though: the flutter_secure_storage plugin uses libsecret-1-dev on this platform. AFAIK the Linux desktop is not aware of any kind of app signing, so if our app can access secret content, then any application will be able to do so as well (once the user logs into the desktop). The exact mechanism of how this works and how it can be fixed needs to be investigated.
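
A sketch of how the two plugins can be combined so that every storage access first passes an authentication check. This is an added example, not this project's code: the `GatedSecretStore` class, the `allowUnauthenticatedOnLinux` flag and the throw-on-failure policy are assumptions, and it targets mobile/desktop builds where `dart:io` is available.

```dart
import 'dart:io' show Platform;

import 'package:flutter_secure_storage/flutter_secure_storage.dart';
import 'package:local_auth/local_auth.dart';

/// Hypothetical wrapper (class name and Linux policy are assumptions):
/// local_auth authenticates the user, flutter_secure_storage holds the values.
class GatedSecretStore {
  GatedSecretStore({this.allowUnauthenticatedOnLinux = false});

  /// local_auth is missing on Linux, so the caller must pick a policy there.
  final bool allowUnauthenticatedOnLinux;

  final LocalAuthentication _auth = LocalAuthentication();
  final FlutterSecureStorage _storage = const FlutterSecureStorage();

  /// True only when the platform prompt succeeded (or the Linux opt-in is set).
  Future<bool> _authenticate(String reason) async {
    if (Platform.isLinux) return allowUnauthenticatedOnLinux;
    try {
      if (!await _auth.isDeviceSupported()) return false;
      return await _auth.authenticate(localizedReason: reason);
    } on Exception {
      // Plugin errors (lockout, missing plugin, ...) count as a failed check.
      return false;
    }
  }

  /// Reads [key] after authentication; throws instead of returning null so a
  /// failed check cannot be mistaken for a missing entry.
  Future<String?> read(String key, {required String reason}) async {
    if (!await _authenticate(reason)) {
      throw StateError('authentication failed or unavailable');
    }
    return _storage.read(key: key);
  }

  /// Writes [key] after authentication, under the same rule as [read].
  Future<void> write(String key, String value, {required String reason}) async {
    if (!await _authenticate(reason)) {
      throw StateError('authentication failed or unavailable');
    }
    await _storage.write(key: key, value: value);
  }
}
```

The gate lives in the app's own code only: on Linux the libsecret entry stays readable as described in the caveat above, whatever this wrapper decides.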