Secure Storage of Sensitive Data

Risk: Seedphrases or sensitive data (e.g., JSON files with keys) may be inadvertently exposed if not securely stored or if backed up to cloud storage.

Control:

Sensitive data (e.g., seedphrases, JSON files) is stored using the secure storage features of each mobile OS, ensuring encrypted, protected storage of secrets on the device.
Auto-backup for secure storage is explicitly disabled to prevent cloud backups, mitigating the risk of third-party data leakage.

References:

Microsoft Secure Storage in .NET MAUI

NIST CSF Alignment:

PR.DS-1: Data-at-rest is protected
PR.DS-5: Access to data is restricted based on roles

FCA Compliance:

SYSC 3 & 13: Appropriate security for critical data
FG 16/5: Secure storage of sensitive customer information, prevent backups to untrusted locations

PreviousMobile App Development Risks and Controls NextCryptographically Secure Seed Generation

Last updated 8 months ago