FCM Device token is getting stored in Cache.db file as plaintext

[ashitanema98]

Description

With some recent testing over iOS, I found the device token generated at the start of the Flutter App instance is getting stored in the device's filesystem, in the Cache.db database inside the application sandbox, in an unencrypted format.

token={{token_value}}

Is there any way to avoid it ?

Reproducing the issue

•  Run a flutter app, having push notification service using FCM enabled.
  

• After the app runs successfully, go the path 
  

~/Data/Application/<APP ID>/Library/Caches/<PACKAGE ID : com.myapp...>/Cache.db

• Open the Cache.db file with any SQL DB viewer software, I have used SQLite.
  

• Under the tables, you can see some data like : token={{token_value}}
  

Firebase SDK Version

10.29.0

Xcode Version

16.2

Installation Method

CocoaPods

Firebase Product(s)

Messaging, AB Testing, Analytics, App Distribution, Crashlytics, DynamicLinks, Performance

Targeted Platforms

iOS

Relevant Log Output

If using Swift Package Manager, the project's Package.resolved

Expand Package.resolved snippet

Replace this line with the contents of your Package.resolved.

If using CocoaPods, the project's Podfile.lock

Expand Podfile.lock snippet

Replace this line with the contents of your Podfile.lock!

[google-oss-bot]

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

[paulb777]

Internally tracked at b/390380574