cryptomator
Show a warning (graphical) if someone changes "Settings" when all the vaults are locked
Please agree to the following
- [x] I have searched existing issues for duplicates
- [x] I agree to follow this project's Code of Conduct
Summary
Security (potential risk)
Motivation
I noticed that it is possible changing some app settings without a password.
So when a user, temporarily lose the device control, anyone can changes app behaviors without user awareness.
Put a graphical warning in the home directory (when settings change) resettable only after provided a master password or a local pin.
Considered Alternatives
No response
Anything else?
No response
For the same reason: "add a new vault" (creating) should be possible only when at least a pre-existant vault is opened.
An app (local) pin (six digits) can solve these issues effectively.
An app (local) pin also prevent that unauthorized actors can deleting a vault.
But it remains always possible to do it via file manager, so this poses a serious reasoning on security.
Are administrator privileges necessary to prevent unauthorized actors from erasing a vault?
https://github.com/cryptomator/android/issues/13 is not exactly the same but I think this could be an option that the complete app is locked with a pin and only when entered, it can be accessed.
Are administrator privileges necessary to prevent unauthorized actors from erasing a vault?
Someone with access e.g. to your (cloud) files can delete the vault at anytime. On the device itself you need to go through the UI of the app or need root access to make changes in the database but also have a look at our security-target.
Device side: With "you" you mean any entity with capability (fingers, human) to touch, physically, the screen UI?
Device side: With "you" you mean any entity with capability (fingers, human) to touch, physically, the screen UI?
Yes, the screen UI of the Cryptomator Android app.