How to Store Auth Tokens in Routine Apps
Dec 24, 2022
What do you do with a login token in your app? OWASP guides list storing a token in local storage as a vulnerability:
M2: Insecure Data Storage | OWASP Foundation
Vulnerable? Really?
I wonder what Google & Apple think about a broad declaration that their app storage is a vulnerability.
Here is the threat:
- an adversary physically attains the mobile device
- the adversary hooks up the mobile device to a computer