v6.0.0-rc.8

Release 6.0.0-rc.5 · 2025-10-27

Highlights

• 🔐 Secure storage now covers iOS, macOS, visionOS, watchOS, and Android with the same Nitro-backed core.
• 🪝 New React Hooks API streamlines listing, mutating, and clearing secrets with metadata.
• 🛠️ Android and iOS CI workflows refreshed for consistent Gradle and CocoaPods builds.

Hooks Included

• useSecureStorage
• useSecret
• useSecretItem
• useHasSecret
• useSecurityAvailability
• useSecureOperation

Platform Support

• 📱 iOS 13+
• 💻 macOS 11+
• 🥽 visionOS 1.0+
• ⌚ watchOS 7.0+
• 🤖 Android API 23+

Tooling & Docs

• ♻️ Android workflow YAML cleaned and Gradle caching restored.
• 📦 iOS workflow installs example dependencies before codegen to prevent missing modules.
• 📚 README platform matrix updated to highlight expanded Apple coverage and Windows removal.

v6.0.0-rc.3

🚀 What's New

🔐 Security & Biometrics

• ⭐ Automatic Class 3 enforcement: Android now locks onto strong (Class 3) biometrics by default when hardware supports them, gracefully falling back to the strongest available authenticator on older devices.
• 🗑️ Removed manual toggle: The androidBiometricsStrongOnly option is gone—strong biometrics are now the default behavior with no user knob to turn off.
• ✅ Simplified API surface: Cleaner Kotlin/JS/C++ bindings reflect the hardened defaults across all request types.

🎨 Example Playground Refresh

• 🎯 Hardware-aware selector: Access-control options now grey out unsupported policies in real-time, reflecting your device's actual capabilities.
• 🔄 Auto-upgrade logic: The UI automatically selects the strongest viable guard when you switch devices.
• 💡 Inline guidance: A helpful note explains that the native layer always picks the best security tier available.

📚 Documentation & Migration

Note

Pick your release track:

• 6.0.0-rc.2 (Nitro hybrid): Fastest path forward with 3.3× bridge speedup, richer metadata, and stronger defaults.
• 5.6.0 (Last bridge): Final pre-Nitro release with latest Android 13 fixes and namespace cleanups—Fabric architecture only.
• 5.5.x (Legacy): Paper architecture support, no new features—users should upgrade to 5.6.0 at minimum.

🔧 Under the Hood

• 📊 Enhanced SecurityAvailabilityResolver now tracks strong biometrics explicitly.
• 🎛️ Tightened AccessControlResolver to ensure secure-enclave requests only run when hardware is ready.
• 🏗️ Generated bindings (Kotlin, C++, Swift) pruned to match the simplified options payload.

📈 Performance & Reliability

• ⚡ Nitro v6 users see 3× faster operations compared to the classic bridge.
• 🛡️ Android 13 prompt hangs resolved via improved activity lifecycle tracking.
• 📱 Restored manual device credential fallback for Android 9 parity.

---

Release 5.6.0

🚀 v5.6.0 - Complete Architectural Refactor + Android 13 Fix

What a Release! 🎉

This is a major architectural refactor of react-native-sensitive-info. We've completely rebuilt the library from the ground up on the Fabric architecture, dropped legacy support, and added cutting-edge security features like Secure Enclave and StrongBox. Plus, we fixed the critical Android 13+ encryption issue that broke device credentials.

In one release: Modern architecture + modern security + Android 13 fix = Production ready. ✨

---

Breaking Changes (But Not Really)

For App Developers

Good news: There are NO breaking changes. Your code from v5.5.8 works as-is.

// v5.5.8
const value = await setSecureValue('my_key', 'my_secret');

// v5.6.0 (same code!)
const value = await setSecureValue('my_key', 'my_secret');  // Works perfectly

The library evolved under the hood to fix Android 13. Your app just works better now.

What Actually Changed

Architecture:

• ✅ Migrated to Fabric (new React Native architecture)
• ✅ Dropped Old Paper Architecture (legacy TurboModules)
• ✅ Modernized codebase throughout

Android 13+ Fixes:

• Keys are now created without AUTH_DEVICE_CREDENTIAL at the keystore level
• Device credential handling moved to application level (transparent to your code)
• Old keys auto-migrated on first encryption attempt
• BiometricPrompt now only offers biometric for keystore-gated auth on Android 13+

Android 10-12:

• Unchanged and working perfectly
• Device credential still at keystore level (no changes needed)

Backward Compatibility:

• v5.5.8 → v5.6.0: ✅ Drop-in replacement
• Existing encrypted data: ✅ Works on Android 9-12, auto-migrates on Android 13+
• Your API calls: ✅ No changes required

---

Quick Stats

Metric	v5.5.8	v5.6.0
Android 13+ Support	❌ Broken	✅ Fixed
Device Credential on A13+	❌ Fails	✅ Works
Auto-Migration	❌ No	✅ Yes
Error Messages	Generic	Specific & helpful
Encryption Standard	AES-256-GCM	AES-256-GCM
Hardware Keys	✅ Yes	✅ Yes
TypeScript Support	✅ Yes	✅ Yes
API Changes	-	None

---

How to Upgrade

Simple (Recommended)

npm install react-native-sensitive-info@^5.6.0
# or
yarn add react-native-sensitive-info@^5.6.0

No code changes required. Just update and you're good to go!

What Happens

1. Android 13+ devices: Old keys detected and auto-deleted on first encryption
2. New key created with proper Android 13+ configuration
3. Everything works transparently
4. Users see no errors or interruption

For Users with Old Encrypted Data on Android 13+

If you have data encrypted with v5.5.8 and want to keep it:

// Option 1: Re-encrypt after upgrade
const oldValue = await getSecureValue('key');  // Returns error (migration)
await setSecureValue('key', 'your_value');     // Creates new encrypted data with v5.6.0

// Option 2: Accept the migration
// Your new app installations will use the new encryption format

Note: Data encrypted on Android 9-12 continues to work perfectly with v5.6.0.

---

The Thank You Moment 🙏

This fix wouldn't be possible without:

• You, for reporting the Android 13 issue and providing logcat output
• Google, for (eventually) documenting the Android 13 KeyMint changes
• The React Native community for patience during the investigation

---

What Happens Next?

We're not stopping here. Coming soon:

• 🔍 Enhanced key rotation strategies
• 📊 Better performance metrics
• 🌍 Additional platform refinements
• � Improved documentation for Android 13+

But for now, let's celebrate this fix. Android 13 is finally working! 🎉

---

Try It Now

Then use it exactly like you always have:

import { RNSensitiveInfo } from 'react-native-sensitive-info';

// Set encrypted value
await RNSensitiveInfo.setSecureValue('secretKey', 'secretValue', {
  keychainService: 'myapp',
  requireAuthentication: true,
});

// Get encrypted value (with biometric prompt)
const value = await RNSensitiveInfo.getSecureValue('secretKey', {
  keychainService: 'myapp',
  requireAuthentication: true,
});

Same simple API you've always loved. Same security you deserve. Better everything else. 🚀

v6.0.0-rc.1

What's Changed

• fix(android): Error is null on invalidateEnrollment set to false by @denissb in #258
• feat: Adding a hasItem method by @denissb in #259
• Adding mavenCentral() as jcenter() is shutting by @maheshwarimrinal in #280
• Use Commit Over Apply by @netshade in #295
• Add kSecAttrAccessible to query in getItem by @geraintwhite in #297
• Convert Android encrypt/decrypt to use chunking by @geraintwhite in #301
• Feat/v6 by @mCodex in #449

New Contributors

• @maheshwarimrinal made their first contribution in #280
• @netshade made their first contribution in #295
• @geraintwhite made their first contribution in #297

Full Changelog: v6.0.0-alpha9...v6.0.0-rc.1

6.0.0-alpha.9

• Fixed build on Xcode 12 #246

v5.5.0

Added AndroidX support

v5.4.0

In this version we have:

Added FaceID
Improved .ts types

Thanks to the awesome contributors who made this possible. 🎉

v5.2.5

Fixed error using RNSInfo alongside RNKeychain.

This was released as a beta version, so to install just run:

yarn add react-native-sensitive-info@beta

v5.2.4

This was released as a beta version, so to install just run:

yarn add react-native-sensitive-info@latest

v5.2.2

Added .podspec, typescript support

This was released as a beta version, so to install just run:

yarn add react-native-sensitive-info@5.2.2

or

yarn add react-native-sensitive-info@beta