Secure Storage Handling Guidelines

🔒 Secure Storage Handling Guidelines (iOS & Android)

The REL-ID SDK securely stores sensitive data—such as user identifiers, session state, and device binding information—using platform-specific secure storage mechanisms:

  • iOS: Keychain
  • Android: Keystore, Encrypted SharedPreferences, or Secure Storage

This secure data is critical for maintaining consistent SDK behavior across sessions, app launches, and even app re-installs.


1. When Modifying Secure Storage

If your app interacts with secure storage, follow these best practices:

  • Do not clear SDK-managed secure data unless absolutely necessary.

  • Only manage app-specific entries—never modify data created or owned by the SDK.

  • 📱 App Reinstallation Consideration:

    • iOS may retain secure storage data across re-installs.
    • Your app must detect and handle existing SDK data after reinstalling.

  • ⚠️ Avoid global resets of secure storage during:

    • First-time app launch
    • New user registration

  • 👥 Multi-user Support:
    Handle user-specific tokens or credentials at the app level. Only wipe SDK data if you intend to fully reset the SDK.


2. If SDK Secure Data Is Accidentally Cleared

Clearing SDK-managed data may result in:

  • 🔄 Disrupted login/session flows as key identifiers are lost
  • 📱 Device treated as new, triggering reactivation
  • ❓ Silent SDK failures or inconsistent behavior

3. Recommendations

  • ✅ Scope all secure storage operations to app-owned entries only
  • ⚠️ Only clear secure storage if performing a full app reset, and ensure the SDK is re-initialized afterward
  • 📣 Share these guidelines with all teams (Development, QA, etc.) to prevent accidental disruption
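
The following Swift sketch is an added example, not code from the REL-ID SDK or its documentation. It shows one way to scope an iOS first-launch cleanup to app-owned Keychain entries, as sections 1 and 3 recommend. The service name `com.example.myapp.secure`, the `hasLaunchedBefore` flag and the function names are hypothetical, and it assumes the app saves its own items as generic passwords under that single service.

```swift
import Foundation
import Security

// Hypothetical service name under which the app saves its OWN items.
// SDK-managed entries are never named, queried or deleted here.
let appKeychainService = "com.example.myapp.secure"

enum AppKeychainError: Error { case unexpectedStatus(OSStatus) }

/// Deletes only generic-password items stored under the app's own service.
/// Dropping kSecAttrService from this query would match every generic
/// password the app can access, including entries created by the SDK.
func clearAppOwnedKeychainItems() throws {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: appKeychainService
    ]
    let status = SecItemDelete(query as CFDictionary)
    // "Nothing to delete" is a normal outcome on a clean install.
    guard status == errSecSuccess || status == errSecItemNotFound else {
        throw AppKeychainError.unexpectedStatus(status)
    }
}

/// True when app-owned items are present, for example after a reinstall
/// where iOS kept the Keychain but removed the app's UserDefaults.
func appOwnedItemsExist() -> Bool {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: appKeychainService,
        kSecMatchLimit as String: kSecMatchLimitOne
    ]
    return SecItemCopyMatching(query as CFDictionary, nil) == errSecSuccess
}

/// First-launch handling: stale app-owned entries are removed, SDK data is
/// left untouched so the device is not treated as new.
func handleFirstLaunchIfNeeded(defaults: UserDefaults = .standard) throws {
    let flag = "hasLaunchedBefore" // hypothetical UserDefaults key
    guard !defaults.bool(forKey: flag) else { return }
    if appOwnedItemsExist() {
        try clearAppOwnedKeychainItems()
    }
    defaults.set(true, forKey: flag)
}
```

A full reset that also removes SDK data is a separate, deliberate path and must be followed by re-initializing the SDK, as recommended above.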