problem using getAllGenericPasswordServices in react-native-keychain

Question

I'm trying to use react-native-keychain api and having some problems with getAllGenericPasswordServices()

I want to retrieve all the names of the passwords that I stored in the keychain in typeof array so I could show the client a list of all of his keychain names. but unfortunately, the typeof the response is Object :(. is it possible to retrieve an array ?

import * as Keychain from 'react-native-keychain';

export const getAllProperties = async () => {
  try {
    const allProperties = await Keychain.getAllGenericPasswordServices();
    if (allProperties) {
      console.log(
        'add new code utils - getAllProperties - ' +
          allProperties +
          typeof allProperties,
      );
    } else {
      console.log('No credentials stored');
    }
  } catch (error) {
    console.log("Keychain couldn't be accessed!", error);
  }
};

and another question ;) I'm testing this library using android studio emulator and i'ts not seem to be so secure, I mean I Can retrieve the data without any faceId, code or fingerPrint request.. Is it becuse of the emulator or I should enable it in the code ?

Answer 1

Regarding your first question, the typeof the response is showing Object because in javascript all derived data type is always a type object. Included functions and array.

In case you need to check if it’s an array you can use isArray method of Array

Array.isArray(allProperties)

Regarding your second question, In the official documentation of API getAllGenericPasswordServices() in react-native-keychain they stated that on iOS getAllGenericPasswordServices() will actually read the encrypted entries, so it will trigger an authentication UI if you have encrypted any entries with password/biometry.

So we can assume that in Android, security of the keychain is tied to the security measures enforced by the Android operating system, such as device lock screen password/biometry.

While the emulator environment may not provide the same level of security as a physical device that has appropriate security measures. So it's important to test your code on real devices to ensure that the appropriate security measures are enforced and that the keychain entries are protected.