Frequently Asked Questions
Q: How does the library handle encryption when storing secrets, and can it upgrade the encryption?
A: The library automatically applies the highest possible encryption when storing secrets. However, once a secret is stored, it does not attempt to upgrade the encryption unless Facebook Conceal was used and the SECURITY_RULES
option is set to AUTOMATIC_UPGRADE
.
Q: What happens if the user disables or drops biometric usage?
A: The user will lose the ability to retrieve the secret from storage. If biometric access is re-enabled, access to the secret will be restored.
Q: Is it possible to implement automatic downgrading?
A: From a security perspective, automatic downgrading is considered a "loss of trust." Developers should implement their own logic to allow downgrades and handle the "security loss" accordingly.
Recommendation: Avoid implementing automatic downgrades.
Q: How do I enable automatic upgrades for Facebook Conceal?
A: Use the following call:
getGenericPassword({ ...otherProps, rules: "AUTOMATIC_UPGRADE" });
Ensure the rules
property is set to the string value AUTOMATIC_UPGRADE
.
Q: How do I force a specific level of encryption when saving a secret?
A: To force a specific encryption level, call:
setGenericPassword({ ...otherProps, storage: "AES" });
Note: If you attempt to force
RSA
storage when biometrics are not available, the call will be rejected with an error related to the device's biometric configuration.