
Best practice to encrypt data on smartphone

Çağlar Arlı


What is best practice for the encryption of offline application data?

I have an application where multiple users can log in. The user gets data from an internet API, where the user authenticates. I want to store some of the data, for example, a list of events (name, location, etc.) offline in a database for access with no internet connection.

My plan is to use a key generated from the PBKDF2 algorithm with the user's password and store the database in the app directory, identifiable by the username. I'm not storing the password, just the username as the database name, for checking during login whether the login data is available at all. I will delete the data and store the new updated data when there is internet access and the user logs in again.

Is this approach dangerous, because attackers can brute-force the user password on these databases? Are there any security vulnerabilities or weaknesses that I'm missing?

Implementation notes: The programming language is Dart (in combination with the Flutter framework) and the platforms are iOS and Android. The database will be Hive, which uses AES-256 encryption.
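As an added example, not the original poster's code: the design above written out in Dart, with a random per-user salt and a high iteration count, so that anyone who copies the database files off the phone must pay a full PBKDF2 derivation for every password guess. The packages (hive, pointycastle), the iteration count, the salt file name and the sample data are assumptions made for this example.

```dart
import 'dart:convert';
import 'dart:io';
import 'dart:math';
import 'dart:typed_data';
import 'package:hive/hive.dart';
import 'package:pointycastle/export.dart';

// Assumed parameters (not from the original post). Tune the iteration count so
// one derivation takes a noticeable fraction of a second on the slowest target
// device: the user pays it once per login, an offline attacker once per guess.
const int kIterations = 310000;
const int kSaltLength = 16;

/// Derives the 256-bit key HiveAesCipher expects from the password and a
/// per-user salt using PBKDF2-HMAC-SHA256 (pointycastle).
Uint8List deriveKey(String password, Uint8List salt) {
  final derivator = PBKDF2KeyDerivator(HMac(SHA256Digest(), 64))
    ..init(Pbkdf2Parameters(salt, kIterations, 32));
  return derivator.process(Uint8List.fromList(utf8.encode(password)));
}

/// Returns the user's salt, creating a random one on first login. The salt is
/// not secret: it only gives each user a distinct key for the same password
/// and defeats precomputed tables that would otherwise work on every database.
Future<Uint8List> loadOrCreateSalt(String dir, String username) async {
  final file = File('$dir/$username.salt'); // assumed file layout
  if (await file.exists()) return Uint8List.fromList(await file.readAsBytes());
  final rng = Random.secure();
  final salt = Uint8List.fromList(List.generate(kSaltLength, (_) => rng.nextInt(256)));
  await file.writeAsBytes(salt, flush: true);
  return salt;
}

/// Opens the per-user encrypted box named after the username, as in the post.
/// Neither the password nor the derived key is written to disk; the key exists
/// only in memory while the box is open. Hive.init must run once per process.
Future<Box> openUserBox(String dir, String username, String password) async {
  final salt = await loadOrCreateSalt(dir, username);
  final key = deriveKey(password, salt);
  return Hive.openBox(username, encryptionCipher: HiveAesCipher(key));
}

Future<void> main() async {
  final dir = Directory.systemTemp.createTempSync('offline_events').path;
  Hive.init(dir);
  final box = await openUserBox(dir, 'alice', 'correct horse battery staple');
  await box.put('events', ['Meetup @ Library', 'Demo day @ Hall B']); // constructed sample
  await box.close();
}
```

The iteration count only raises the per-guess cost; a weak user password still falls to an offline search, so the app should also enforce a minimum password strength or fold in a device-held secret (for example from the platform keystore) where the threat model requires it.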