Edit: see my answer for the solution

Currently working on a Hybrid App with Ionic where there is a requirement to store an authentication Token in order to keep the user logged in, and also guarantee that this data cannot be accessed outside the App context.

There is of course plenty of solutions for this task, each one with different pros-and-cons so it's confusing (for me) to locate the one technology that fits.

I've been looking at angular-localForage and other candidates:

---

LocalStorage

• Obvious choice for small data.
• Data gets wiped in iOS when the system is low on memory.

IndexedDB

• Buggy support in iOS (IndexedDB support)

WebSQL (SQLite)

• Apparently a good option for small data and decent support (WebSQL suppport) but it's deprecated.

SQLite

• There are related issues with Cordova in iOS.

LokiJS

• Looks like an overkill for this scenario but is definitely a strong candidate. Is the any security concerns I should be aware of (as I read it locally persist data to JSON files)?

PouchDB + SQLite

• Well, it's a JS client to work with CouchDB or Couchbase databases which can also work with SQLite but again I only need to store a Token..

---

So apparently the best option for Android/iOS cross-compatibility should ironically be WebSQL, but is no longer being developed and I have to guarantee long-term support.

So my question is: are there any other options I'm missing to securely store an access Token? If don't, which of the above ones should be the best choice for this task?

After doing some research I will share my conclusion.

Funny enough, none of the above candidates are suitable for securely storing an access Token. The approach should be using a native solution for both Android (Shared Preferences) and iOS (Keychain).

In the particular case of Ionic, a broadcaster plugin for Cordova could be used to communicate JS with Native so you can access the stored data.