axolotl
axolotl copied to clipboard
nanu-c
db.sql saves deleted chat messages in plain text
I was poking around and found a file at ~/.local/share/textsecure.nanuc/db/db.sql . This file has mostly plain text and random characters mixed together, but is easily readable. This is a complete log of all texts sent and received as well as all of the deleted texts sent or received along with senders phone numbers. This seems like it is a security problem to me. Does this seem like an issue?
Steps to Reproduce
Any texting appears in the log
Expected behavior: Everything should be encrypted
Actual behavior: Its not really encrypted
Reproduces how often: Always
Versions 0.4.1
I am not using a password on the app, but I don't think that should matter. The text in question is "deleted" text. The information should be deleted. But I guess if it must be saved for some short period of time, then it should atleast be encrypted.
uh creepy..i tested it..i send a message via the app and deleted in the app..after sending it appears in the db.sql and after deleting it disappeared from the database..i did not use any passphrase..
but if i enable a passphrase i am not able to open the db.sql with sqlitebrowser..so everything is fine i think :)
As it is not possible to delete any message at the moment/version 0.7.0 this ticket is more important then ever, I guess?
longpress :)
With https://github.com/nanu-c/axolotl/pull/385 merged it is now possible to delete messages again. What exactly here is the problem? db.sql has a sort of history of executed queries which is in plain text and contains the deleted messages?
I have to agree with @Flaburgan here, I do not see the problem specifically with this issue. I suggest to close this issue both due to it being several years old by now, but also due to lack of further details and input.
