What

At the moment, after a successfully login, the token values are persisted on device using the private shared preferences.

However, it is still possible to access the data and tamper with it. We should try to improve the security of it

How

There are a some libraries that provide encryption of the data stored in shared preferences and the key used for encryption is stored in the KeyStore. This should improve security