[Feature request] Encrypt secret key on local storage #182

Open
gelavat opened this issue Jan 14, 2022 · 2 comments

@gelavat

gelavat commented Jan 14, 2022

It is not clear to me if the secret keys are encrypted on the device's local storage and decrypted when the app starts. Can you please clarify this?

If not done, I strongly suggest that all TOTP secret keys are encrypted, even without entering a password or checking 'authentication required' (like Signal Messenger does for example).
This way, no hacker is able to read the configuration file and retrieve the secret keys.
I think it is very important for a security app.

I put this separate from issue #128 because that one is for export encryption, which is something else, although still important.

@mo-rijndael

Android isolates an app's private storage, so no app can see other apps' files. Except in case there is root access ofc, but it's generally impossible to protect something from root.
Also, Android has OS-level disk encryption (force enabled by default in modern versions).

I think there is no need to encrypt an app's already encrypted and strongly isolated private storage.

@helloworld1
Owner

Agreed that app storage is more or less secure for a reputable device manufacturer. I think at least the exported tokens should be encrypted since those are in shared storage.
