Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Encrypt key backups during PIN creation / changes #186
The "Update mobile environment score" issue at the bitcoin.org repo got me thinking about this one.... The proposed environment score reads:
The current passphrase/PIN feature doesn't encrypt the key-backup-protobuf files in the private data store. Although this isn't a problem (at the moment AFAIK) from a malware point of view, from a stolen or lost mobile point of view it seems more dangerous.
I really don't know just how dangerous this is (it would relate to the market share of rootable mobiles I suppose), but IMHO it should be addressed before it becomes a problem....
Yes, I think it's time to rethink the internal backups. There are two kinds of them:
What do you think?
Note: none of these internal backups survive an app uninstall, and of course they also don't help if you loose your phone. A manual backup is crucial!
I think that keeping a single internal backup, in addition to the existing (excellent) do-a-backup nag, is a good compromise.
Regarding deleting the existing
Android 4.3 implemented TRIM, which should make it pretty safe no matter how you delete old files. Prior to 4.3, simply deleting a file is unsafe; the data partition is ext4 from which deleted files can be recovered (given root). The ??? box is also theoretically unsafe, but I have no idea to what degree.
In short: overwriting seems better, but I really don't know what I'm talking about (it's all far outside my trade), so you should take all of this with a grain of salt (or twenty).
Regardless of how it's implemented, I think it'd be a very nice improvement.