If the webauthn api is supported, you can use it. When I checked in the past, I think IOS was ok but not Android.
It would be great if someone made a sdk for native apps!
Login to reply
Replies (3)
:110percent:
Cool, nice research! For the secret caching settings, if you store the key in memory for a long while (so you don't have to FaceID for every post or message, I presume) how safe is it there do you think?
It is the same as if the private key remains on the client.
This means that if malware breaks into the system or someone steals the device, the private key is at risk of being stolen.