Frequently Asked Questions
Show
- Is Secure File Manager free?
- Is Secure File Manager open source?
- Where I can find a privacy policy?
- I uninstalled my app and all my hidden files are gone. Also, I can't decrypt encrypted files. What should I do now?
- How can I safely uninstall the app?
- How do you store my password?
- How can I lock the app?
- How are my files encrypted?
- Where can I request a new feature?
- Where can I report a security issue or a vulnerability that I found?
- The application behaves unexpectedly. What should I do now?
- Why the app needs (specific) permission?
- Has Secure File manager been audited?
- The app doesn't work when I have night light enabled. What can I do?
- I have a rooted device. Are there some security implications
- I still haven't found an answer?
Yes, Secure File Manager is free forever.
Yes, Secure File Manager is published as open-source under GPLv3. Check out our GitHub repository. We welcome you to review the code, give us feedback or contribute!
You can read our privacy policy here.
I uninstalled my app and all my hidden files are gone. Also, I can't decrypt encrypted files. What should I do now?
Your hidden files are gone forever, there is no way to get them back. Additionally, as your private keys are gone forever you will never be able to decrypt your encrypted files. You were warned! Multiple times...
Unhide all your hidden files and decrypt all encrypted files. After that, you can uninstall the app without a doubt.
We do not store your password while you are creating an encrypted Zip file. If you create an app password, your password is hashed, before it is stored. We use the Argon2 algorithm, more precisely the Argon2Kt library. We use the following parameters for the hashing algorithm as a compromise of security and user-friendliness:
- Mode: Argon2id
- Salt: random 258 bits generated with SecureRandom
- Iterations: 1
- Memory cost: 5% of memory in your device (default 64 MB)
- Parallelism: Number of processors in your device
- Hash length: 258 bits
The hashed password is stored encrypted in EncryptedSharedPreferences using androidx.security.crypto library. We using AES256-GCM without padding as a key to encrypt the hashed password. If is available, the StrongBox security chip is used. The key is stored in the Android keystore. If you are more curious, you are can check the source code.
To lock the app you must first setup authentication at the settings. After that, the app is locked if one of the conditions is met:
- app was quit
- app was locked via the notification
- device was locked
- app was failed (some app bug)
- device was booted (if a device was unexpectedly turned off and the app is in unlocked state)
These requirements are designed for a better user experience.
We use the androidx.security.crypto library, more precisely EncryptedFile to encrypt your files. We are using AES256-GCM without padding as a key to encrypt your files. If it's available, the StrongBox security chip is used. The key is stored in the Android keystore. If you are more curious you can check the source code.
You can create a new issue in the Github repository.
The app code is published on GitHub, and we invite security experts to check the code. In case you find a vulnerability in the app, please report it directly to us so we can fix it.
Please, create a new issue in the Github repository or contact us directly so we can fix it.
The app needs the following permissions:
- READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE - this is the file manager
- FOREGROUND_SERVICE - needed for creating a notification
- RECEIVE_BOOT_COMPLETED - to lock the app after a phone is booted (if the phone was unexpectedly turned off and the app was in an unlocked state)
Not yet. We would be pleased if somebody could do it.
If you use a third-party night light app, you should turn off the night light. Alternatively, you can use native night light mode if your Android OS supports it.
Note: The night light is not working, because of the enabled filterTouchesWhenObscured flag. This flag prevents tapjacking attacks.
If you have a rooted device, this app is useless. In this case, all security features in this app can be easily exploited.
E.g. feature "hiding files" is designed on the specifics of the android storage. The android have 2 main types of storage:
- App-specific storage: Store files that are meant for your app's use only, either in dedicated directories within an internal storage volume or different dedicated directories within external storage.
- Shared storage: Store files that your app intends to share with other apps, including media, documents, and other files.
When an file is hidden, the file is moved from the "shared storage" to the "app-specific storage". When an file is unhidden, the file is moved from the "app-specific storage" to the "shared storage".
In case of rooted device, all applications can see the "app-specific storage".
Please, create a new issue in the Github repository or contact us directly so we can fix it.