Release 5.6.0
🚀 v5.6.0 - Complete Architectural Refactor + Android 13 Fix
What a Release! 🎉
This is a major architectural refactor of react-native-sensitive-info. We've completely rebuilt the library from the ground up on the Fabric architecture, dropped legacy support, and added cutting-edge security features like Secure Enclave and StrongBox. Plus, we fixed the critical Android 13+ encryption issue that broke device credentials.
In one release: Modern architecture + modern security + Android 13 fix = Production ready. ✨
Breaking Changes (But Not Really)
For App Developers
Good news: There are NO breaking changes. Your code from v5.5.8 works as-is.
// v5.5.8
const value = await setSecureValue('my_key', 'my_secret');
// v5.6.0 (same code!)
const value = await setSecureValue('my_key', 'my_secret'); // Works perfectlyThe library evolved under the hood to fix Android 13. Your app just works better now.
What Actually Changed
Architecture:
- ✅ Migrated to Fabric (new React Native architecture)
- ✅ Dropped Old Paper Architecture (legacy TurboModules)
- ✅ Modernized codebase throughout
Android 13+ Fixes:
- Keys are now created without
AUTH_DEVICE_CREDENTIALat the keystore level - Device credential handling moved to application level (transparent to your code)
- Old keys auto-migrated on first encryption attempt
- BiometricPrompt now only offers biometric for keystore-gated auth on Android 13+
Android 10-12:
- Unchanged and working perfectly
- Device credential still at keystore level (no changes needed)
Backward Compatibility:
- v5.5.8 → v5.6.0: ✅ Drop-in replacement
- Existing encrypted data: ✅ Works on Android 9-12, auto-migrates on Android 13+
- Your API calls: ✅ No changes required
Quick Stats
| Metric | v5.5.8 | v5.6.0 |
|---|---|---|
| Android 13+ Support | ❌ Broken | ✅ Fixed |
| Device Credential on A13+ | ❌ Fails | ✅ Works |
| Auto-Migration | ❌ No | ✅ Yes |
| Error Messages | Generic | Specific & helpful |
| Encryption Standard | AES-256-GCM | AES-256-GCM |
| Hardware Keys | ✅ Yes | ✅ Yes |
| TypeScript Support | ✅ Yes | ✅ Yes |
| API Changes | - | None |
How to Upgrade
Simple (Recommended)
npm install react-native-sensitive-info@^5.6.0
# or
yarn add react-native-sensitive-info@^5.6.0No code changes required. Just update and you're good to go!
What Happens
- Android 13+ devices: Old keys detected and auto-deleted on first encryption
- New key created with proper Android 13+ configuration
- Everything works transparently
- Users see no errors or interruption
For Users with Old Encrypted Data on Android 13+
If you have data encrypted with v5.5.8 and want to keep it:
// Option 1: Re-encrypt after upgrade
const oldValue = await getSecureValue('key'); // Returns error (migration)
await setSecureValue('key', 'your_value'); // Creates new encrypted data with v5.6.0
// Option 2: Accept the migration
// Your new app installations will use the new encryption formatNote: Data encrypted on Android 9-12 continues to work perfectly with v5.6.0.
The Thank You Moment 🙏
This fix wouldn't be possible without:
- You, for reporting the Android 13 issue and providing logcat output
- Google, for (eventually) documenting the Android 13 KeyMint changes
- The React Native community for patience during the investigation
What Happens Next?
We're not stopping here. Coming soon:
- 🔍 Enhanced key rotation strategies
- 📊 Better performance metrics
- 🌍 Additional platform refinements
- � Improved documentation for Android 13+
But for now, let's celebrate this fix. Android 13 is finally working! 🎉
Try It Now
Then use it exactly like you always have:
import { RNSensitiveInfo } from 'react-native-sensitive-info';
// Set encrypted value
await RNSensitiveInfo.setSecureValue('secretKey', 'secretValue', {
keychainService: 'myapp',
requireAuthentication: true,
});
// Get encrypted value (with biometric prompt)
const value = await RNSensitiveInfo.getSecureValue('secretKey', {
keychainService: 'myapp',
requireAuthentication: true,
});Same simple API you've always loved. Same security you deserve. Better everything else. 🚀