Local storage security (HTML5) on mobile devices?

If you write data to local storage using JavaScript on Android, for example:

localStorage.data = "test"; 

Is there any way to get and view this data? I have important data to save, such as the user's personal information, and I would not want anyone to see this data (even if they put some effort into it). Solutions?

+2
2 answers

If you have access to a browser, you have no protection.

Anyone connecting to your site from a custom browser can simply type console.log(localStorage) in the developer tools (use Ctrl+Shift+I in most browsers) to see it explicitly.

A solution may be to encrypt the data using a key provided by the server, but it will not be that secure: it is easy (for example, using an extension) to change the JavaScript being executed as soon as you get access to the browser (and you ask the user to return to the site). I would suggest storing this data on the server.

+2

I assume that you are talking about a technical exploit, and not about the physical capture of the actual device?

If so, my understanding is that only code from the domain that saved the data can access it. Thus, you are potentially vulnerable if someone manages an XSS attack, or if you have incorrectly included someone else's script.

+2
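An added example, not part of either answer above: a small audit that walks localStorage the way any script on the origin can and flags entries that look like personal data, so they can be moved to the server. The function names, patterns and sample values are assumptions made for illustration.

```javascript
// Added example: list localStorage entries that look like personal data.
// Everything here (names, patterns, sample values) is illustrative, not a full PII detector.
const VALUE_PATTERNS = {
  email: /[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}/i,
  jwt: /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*/,
  phone: /\+?\d[\d\s().-]{8,}\d/,
};
const SENSITIVE_KEY = /pass|token|secret|session|card/i;

// Walk a Storage-like object (length, key(i), getItem) the same way any
// script running on the origin can, and report which entries need moving.
function auditStorage(storage) {
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = String(storage.getItem(key));
    const kinds = Object.keys(VALUE_PATTERNS).filter((k) => VALUE_PATTERNS[k].test(value));
    if (SENSITIVE_KEY.test(key)) kinds.push("key-name");
    if (kinds.length > 0) findings.push({ key, kinds });
  }
  return findings;
}

// Minimal in-memory stand-in for window.localStorage so the audit runs outside a browser.
function makeMemoryStorage(entries) {
  const map = new Map(Object.entries(entries));
  return {
    get length() { return map.size; },
    key: (i) => Array.from(map.keys())[i] ?? null,
    getItem: (k) => (map.has(k) ? map.get(k) : null),
  };
}

// Constructed sample contents, including the question's own localStorage.data = "test".
const SAMPLE = {
  data: "test",
  profile: '{"name":"A. User","email":"user@example.test","phone":"+1 555 010 0199"}',
  theme: "dark",
  authToken: "eyJhbGciOiJub25lIn0.eyJzdWIiOiIxIn0.",
};

for (const f of auditStorage(makeMemoryStorage(SAMPLE))) {
  console.log(`${f.key}: ${f.kinds.join(", ")}`);
}
```

In a browser console on your own site, call auditStorage(window.localStorage) instead of using the in-memory stand-in.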

Source: https://habr.com/ru/post/1489976/