Use keychain to store api token

[neerajwahi]

We're currently using AsyncStorage (https://facebook.github.io/react-native/docs/asyncstorage.html) which is unencrypted. We should use the keychain on iOS (and its equivalent on Android) to store this data.

This is probably ok on iOS because apps can only access their own sandbox (and the disk is usually encrypted), but it's best to move to use the keychain. I don't know the story on Android

[timabbott]

We definitely get questions about whether the data is encrypted at rest; so once we've at least done this for the crypto material, we should think about doing it for other things.

[borisyankov]

https://github.com/oblador/react-native-keychain
https://github.com/classapp/react-native-sensitive-info

[neerajwahi]

@timabbott what other things did you have in mind? We're currently not persisting any messages to disk, but iOS uses full-disk encryption so I think it's ok to store that data in the filesystem

[timabbott]

I guess if we're doing caching only in memory, just doing the credentials properly is good enough. Cool.

[zulipbot]

Hello @borisyankov, you have been unassigned from this issue because you have not updated this issue or any referenced pull requests for over ten days.

You can reclaim this issue or claim any other issue by commenting @zulipbot claim on that issue.

Thanks for your contributions, and hope to see you again soon!