Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Is KeePass Touch a fork of this project? #606

Open
JannesMeyer opened this issue Apr 9, 2018 · 15 comments

Comments

@JannesMeyer
Copy link

@JannesMeyer JannesMeyer commented Apr 9, 2018

Sorry if this is not an issue with MiniKeePass itself, but I couldn't find a more appropriate place to ask and I couldn't find the answer on Google neither.

Is "KeePass Touch" a fork of MiniKeePass? This is their US appstore listing: https://itunes.apple.com/us/app/keepass-touch/id966759076?mt=8

When looking at the user interface the two apps seem very similar, but the app developer (Innervate UG & Co. KG, a small startup/app development agency from Germany) doesn't mention anywhere that the app is based specifically on MiniKeePass. In the help section of the app they only mention that the source code is available by emailing them. But they don't even mention under which license they would be providing the source code:

img_0129

I sent an email to the aforementioned address 2 weeks ago but still haven't heard back.

I'm wondering if you're aware of this and if you have any more information? Has anyone else tried emailing them?

@mstarke

This comment has been minimized.

Copy link

@mstarke mstarke commented Apr 17, 2018

Consider KeePass Touch an unmaintained unauthorized fork but mainly a dead end.

Once upon a time there was a company that had published both KeePass Touch and KeePass Desktop. KeePass Touch did look a lot like MiniKeePass and KeePass Desktop reminded me of my own tool MacPass. After some investigation and clarification of GPL licence violations (with MacPass as well as MiniKeePass) they removed KeePass Desktop from the Mac App Store. The company vanished and the (only?) developer resurfaced as head of another company behind KeePassTouch. If you dig a bit you can find out who he is and might get in contact with him personally. They did send me source code on request for both KeePass Desktop as well as KeePass Touch but my impression was that the software was merely re-released but not maintained.

@JannesMeyer

This comment has been minimized.

Copy link
Author

@JannesMeyer JannesMeyer commented Apr 17, 2018

Thanks very much for you answer. That's very interesting. It confirms my suspicion that the developer is violating the GPL.

It seems that KeePass Touch is slightly more popular with users than MiniKeePass, because the developer added quite a few sync options (Dropbox, Google Drive, OneDrive, FTP, ...)

And then he added advertisements + an IAP for ad removal and called it a day without ever releasing the source code.

I definitely wouldn't be trusting my master password and password database to such an untrustworthy person and I'm concerned about other people that do.

@jsanglier

This comment has been minimized.

Copy link

@jsanglier jsanglier commented Apr 19, 2018

Keepass Touch is developed by this chap in Germany.

https://www.innervate.de/keepass-touch.html

@JannesMeyer

This comment has been minimized.

Copy link
Author

@JannesMeyer JannesMeyer commented Apr 19, 2018

Thanks, I saw that website already. However, the company only seems to have one product (KeePass Touch) and the rest of their activity is freelancing on App-Entwickler-Verzeichnis, I assume.

Nowhere do they offer the source code for download (as they should, because they forked the GPL-licensed MiniKeePass)

I even tried to use the contact form on that website to ask for the source code, but I haven't received a response.

@mstarke

This comment has been minimized.

Copy link

@mstarke mstarke commented Apr 19, 2018

@jsanglier The developer seems to be earning his living by working at another company so KeePassTouch might not get any attention.

@JannesMeyer The source code does not need to be openly available. GPL just states that if you obtained a legal copy of GPL licensed software you have the right to get the source code for that software. If you get a copy of the source via an email request this is perfectly fine.

@JannesMeyer

This comment has been minimized.

Copy link
Author

@JannesMeyer JannesMeyer commented Apr 19, 2018

I sent an email on the 27th of March requesting the open source code. I haven't heard back yet.

I guess the guy could be on holiday or he might not be paying any attention to KeePass Touch, like you say.

But strictly speaking he should still make the source code available on request as long as he's distributing binaries on the App Store.

@mstarke

This comment has been minimized.

Copy link

@mstarke mstarke commented Apr 20, 2018

You are right. You have the right to get the source code as this is GPL software. But I would not bet on you getting it anytime soon since the developers seems to be working for another company as head of iOS development so my guess is he's not even paying attention to anything related to KeePass Touch. This then should be reported as a violation of the GPL license.

@mstarke

This comment has been minimized.

Copy link

@mstarke mstarke commented Apr 20, 2018

Reporting a violation should be the last resort though. I would try to get in contact with the guy via another form of communication and ask for the code. If you aren't able to reach him via any means then a violation report should be pursued. I can try to find others ways to contact him if you like since I corresponded with him but I am not making this information public.

@JannesMeyer

This comment has been minimized.

Copy link
Author

@JannesMeyer JannesMeyer commented Apr 20, 2018

Sure, please go ahead and try to contact him.

I have tried kptouch@innervate.de and the contact form on innervate.de to no avail. I would greatly appreciate it.

One of my criteria for using a password manager is that it's open source, because it's a lot of trust you're placing in someone's hands when you basically hand over hundreds of passwords to the author of the software.

@westonstewart

This comment has been minimized.

Copy link

@westonstewart westonstewart commented Jun 3, 2018

KeePass Touch just released an update yesterday supporting KDBX 4 - i.e, I can now use it and KeePassXC on my Mac with the same file. Seems it is now one step ahead of MiniKeePass.

@twocoolbeans

This comment has been minimized.

Copy link

@twocoolbeans twocoolbeans commented Jun 11, 2018

Looking forward to support for KDBX 4/ Argon 2.

On another somewhat unrelated note when MiniKeePass does support the above and change the Key Derivation Function and Transform Rounds does a database need to be resaved (saved as) for the changes to take effect?

@Jellyfrog

This comment has been minimized.

Copy link

@Jellyfrog Jellyfrog commented Oct 25, 2018

They replied to my email so I uploaded the code they attached:
https://github.com/Jellyfrog/KeePass-Touch

@wget

This comment has been minimized.

Copy link

@wget wget commented Nov 5, 2018

@Jellyfrog would you mind to cherry pick the differences from that repo and make a PR to integrate them in this repository?

@wizard86pz

This comment has been minimized.

Copy link

@wizard86pz wizard86pz commented Feb 22, 2019

I'm using KeePass Touch on iOS (its source code should be here on GitHub since months...and I'd like to know if somebody better than me to analyze codes, can see any possible security flaw. Asking mostly to @mstarke that already helped me with an issue with his app.

@vinyanalista

This comment has been minimized.

Copy link

@vinyanalista vinyanalista commented Nov 4, 2019

Also note that "KeePass Touch" is abusing the name "KeePass" according to its author.

From https://keepass.info/download.html:

"KeePass" is the password manager developed by Dominik Reichl. Any software by other developers that is using the name "KeePass" in the software's name without any direct non-numeric prefix/suffix is abusing the name "KeePass" and we do not recommend such software. For example, "KeePassDroid" is ok, but "KeePass Droid" is not.

Similarly: "KeePassTouch" (all together) would be ok, but "KeePass Touch" is not.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
9 participants
You can’t perform that action at this time.