Frequently Asked Questions

Frequently Asked Questions

Content

Show

• Is Secure File Manager free?
• Is Secure File Manager open source?
• Where I can find a privacy policy?
• I uninstalled my app and all my hidden files are gone. Also, I can't decrypt encrypted files. What should I do now?
• How can I safely uninstall the app?
• How do you store my password?
• How can I lock the app?
• How are my files encrypted?
• Where can I request a new feature?
• Where can I report a security issue or a vulnerability that I found?
• The application behaves unexpectedly. What should I do now?
• Why the app needs (specific) permission?
• Has Secure File manager been audited?
• The app doesn't work when I have night light enabled. What can I do?
• I have a rooted device. Are there some security implications
• I still haven't found an answer?

---

Is Secure File Manager free?

Yes, Secure File Manager is free forever.

Is Secure File Manager open source?

Yes, Secure File Manager is published as open-source under GPLv3. Check out our GitHub repository. We welcome you to review the code, give us feedback or contribute!

Where I can find a privacy policy?

You can read our privacy policy here.

I uninstalled my app and all my hidden files are gone. Also, I can't decrypt encrypted files. What should I do now?

Your hidden files are gone forever, there is no way to get them back. Additionally, as your private keys are gone forever you will never be able to decrypt your encrypted files. You were warned! Multiple times...

How can I safely uninstall the app?

Unhide all your hidden files and decrypt all encrypted files. After that, you can uninstall the app without a doubt.

How do you store my password?

We do not store your password while you are creating an encrypted Zip file. If you create an app password, your password is hashed, before it is stored. We use the Argon2 algorithm, more precisely the Argon2Kt library. We use the following parameters for the hashing algorithm as a compromise of security and user-friendliness:

• Mode: Argon2id
• Salt: random 258 bits generated with SecureRandom
• Iterations: 1
• Memory cost: 5% of memory in your device (default 64 MB)
• Parallelism: Number of processors in your device
• Hash length: 258 bits

The hashed password is stored encrypted in EncryptedSharedPreferences using androidx.security.crypto library. We using AES256-GCM without padding as a key to encrypt the hashed password. If is available, the StrongBox security chip is used. The key is stored in the Android keystore. If you are more curious, you are can check the source code.

How can I lock the app?

To lock the app you must first setup authentication at the settings. After that, the app is locked if one of the conditions is met:

• app was quit
• app was locked via the notification
• device was locked
• app was failed (some app bug)
• device was booted (if a device was unexpectedly turned off and the app is in unlocked state)

These requirements are designed for a better user experience.

How are my files encrypted?

We use the androidx.security.crypto library, more precisely EncryptedFile to encrypt your files. We are using AES256-GCM without padding as a key to encrypt your files. If it's available, the StrongBox security chip is used. The key is stored in the Android keystore. If you are more curious you can check the source code.

Where can I request a new feature?

You can create a new issue in the Github repository.

Where can I report a security issue or a vulnerability that I found?

The app code is published on GitHub, and we invite security experts to check the code. In case you find a vulnerability in the app, please report it directly to us so we can fix it.

The application behaves unexpectedly. What should I do now?

Please, create a new issue in the Github repository or contact us directly so we can fix it.

Why the app needs (specific) permission?

The app needs the following permissions:

• READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE - this is the file manager
• FOREGROUND_SERVICE - needed for creating a notification
• RECEIVE_BOOT_COMPLETED - to lock the app after a phone is booted (if the phone was unexpectedly turned off and the app was in an unlocked state)

Has Secure File manager been audited?

Not yet. We would be pleased if somebody could do it.

The app doesn't work when I have night light enabled. What can I do?

If you use a third-party night light app, you should turn off the night light. Alternatively, you can use native night light mode if your Android OS supports it.

Note: The night light is not working, because of the enabled filterTouchesWhenObscured flag. This flag prevents tapjacking attacks.

I have a rooted device. Are there some security implications?

If you have a rooted device, this app is useless. In this case, all security features in this app can be easily exploited.

E.g. feature "hiding files" is designed on the specifics of the android storage. The android have 2 main types of storage:

• App-specific storage: Store files that are meant for your app's use only, either in dedicated directories within an internal storage volume or different dedicated directories within external storage.
• Shared storage: Store files that your app intends to share with other apps, including media, documents, and other files.

When an file is hidden, the file is moved from the "shared storage" to the "app-specific storage". When an file is unhidden, the file is moved from the "app-specific storage" to the "shared storage".

In case of rooted device, all applications can see the "app-specific storage".

I still haven't found an answer?

Please, create a new issue in the Github repository or contact us directly so we can fix it.