I am making an app (with Phonegap Build, an extension of Apache Cordova), where you can download files. The problem is that the files can contain HIGHLY sensitive data. That's why I want to encrypt all the files when it is downloaded and stored on the device.
Problem 1
The file-transfer-plugin (https://github.com/apache/cordova-plugin-file-transfer) will download the files directly and will be stored on the device. If someone closes the app directly after, the file will still exist on the device.
Solutions:
- Use the onPause event of the framework (if the app closes, delete all files in a special made directory). But will it be executed on a "hard" app exit?
Problem 2
After the files are downloaded, the files need to be encrypted. But, I can't find a good plugin that fully fulfill my needs. I really want to encrypt it, because on Android those high sensitive files can be stored on SD-cards.
Solutions:
- I tried to use the safe-plugin for file encryption (https://github.com/disusered/cordova-safe). The problem is that the build process will fail for Android in Phonegap Build.
Notes
- I need a solution for iOS and Android.
- Only personal private data will be retreived, so there will be no data stored of someone else.
- The Cordova security guide (https://cordova.apache.org/docs/en/latest/guide/appdev/security/) is out of date (or not specified for file encryption yet). Does this mean that file encryption is still an ongoing process?
I hope someone have experience with file encryption for hybrid apps and can give me valuable advice for my problem. Thank you in advance!
