I'm currently researching the best way to store sensitive data on the various mobile platforms. My web service implementation uses OAuth2 for security so the plan is to initially ask for a users credentials to obtain the tokens (access and refresh) and then I'm going to store these instead of the users actual username and password.
Obviously iOS has had the KeyChain forever so that platform is a no brainer on the approach.
Since we are targeting Android 4.0+ (API level 14+) this platform also has a KeyChain so we are good to go here as well.
Is there a similar approach on the WP platform?
I was initially thinking about using plain encryption but this would still require some input from the user or a static password embedded in the application that would complete defeat the entire exercise and it seems a little daft when there are device enabled approaches to leverage in order to properly hand off some of the security concerns to the hardware. The problem is I cannot identify if the WP platform has a similar feature that could be used.
Any info would be great.