CRITICAL:
- SEC-001: Auth tokens now stored in SecureStore (Keychain/Keystore)
- SEC-002: Biometric bypass removed - alerts user and disables when unavailable
HIGH:
- SEC-003: Push projectId moved to EXPO_PUBLIC_EAS_PROJECT_ID env var
- SEC-004: Token refresh mechanism added with refreshSession/hydrateTokens
- SEC-005: debug already gated on __DEV__ (confirmed)
MEDIUM:
- SEC-006: All PII stores (darkwatch, voiceprint, spamshield, settings, auth) now use encrypted AsyncStorage
- SEC-007: Certificate pinning documented with TODO for production
- SEC-008: Login brute force protection: 5 attempts then 5-minute lockout
LOW:
- SEC-009: Watch list input validation with format checks per entity type
- SEC-010: Upgrade Plan button shows billing coming soon alert
Michael Freno
a8a5930ced