You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It is not clear to me if the secret keys are encrypted on the device local storage and decrypted when the apps starts, can you please state on this?
If not done, I strongly suggest that all TOTP secret keys are encrypted, even without entering a password or checking 'authentication required' (like Signal Messenger does for example).
This way, no hacker is able to read the configuration file and retrieve the secret keys.
I think it is very important for a security app.
I put this separate of issue #128 because that one is done for exports encryption which is something else, although still important.
The text was updated successfully, but these errors were encountered:
Android isolates app's private storage, so no app can see other app filles. Except in case there is root access ofc, but it's generally impossible to protect something from root
Also, Android has OS-level disk encryption (force enabled by default in modern versions)
I think there is no need to encrypt already encrypted and strongly isolated app's private storage
Agreed that app storage is more or less secure for a reputable device manufacturer. I think at least the exported token should be encrypted since those are in shared storage.
It is not clear to me if the secret keys are encrypted on the device local storage and decrypted when the apps starts, can you please state on this?
If not done, I strongly suggest that all TOTP secret keys are encrypted, even without entering a password or checking 'authentication required' (like Signal Messenger does for example).
This way, no hacker is able to read the configuration file and retrieve the secret keys.
I think it is very important for a security app.
I put this separate of issue #128 because that one is done for exports encryption which is something else, although still important.
The text was updated successfully, but these errors were encountered: