Mnemonic should be removed from the device when app delete
Closed this issue · 1 comments
Currently the user mnemonic is securely stored using flutter_secure_storage which stores the value inside the device secured storage which is Keychain on iOS. The default behaviour of iOS is to not remove any data in Keychain even when the app is uninstalled. The mnemonic is securely stored this way as only the app with the specific provisional profile can access the specific key/value in the storage. However, users will feel uncomfortable if the value always stay on the device even if the app is removed and feel strange if the app sign in automatically when the app is reinstalled.
It is better to force the user sign out when the user remove the app or force the user sign in again when the app is reinstalled. The solution to this UX is to remove all the key/value in the secured storage on every app install. This can be achieved by detecting the First Run on iOS.
Here is a reference to the implementation in Flutter.
Thanks for the heads up @kwunyeung and providing a reference implementation 🙏 I've fixed this problem inside 6269783
You can find the implementation here: 6269783#diff-3cf0daa5234314b3eb9fd67f58ffab89R97