Passes/Cards

sciurius · 2019-09-13T19:01:20.262Z

I was wondering whether it would be possible to use Joplin as a cards wallet, in particular on my Android mobile.
I can take a picture of a card (credit card, debit card, drivers license and so on) and associate it with a note, but I really would like to keep the information encrypted and only decrypt when I need it.

Encrypted notes is an often asked for feature but AFAIK there are currently no plans to implement this.
So the bottom line could be: are there Android apps that do what I described above?

vb0 · 2019-09-21T02:33:11.521Z

Since Android 5 (~2014?) all user data in Android should be encrypted anyway by the OS.

laurent · 2019-09-21T11:03:38.711Z

That’s one of the reason I’m not so keen to add encryption to the client side. Eventually people will realise that 1. their device is already encrypted (or if it’s not, that it’s easy to do so) and 2. that they shouldn’t share their account with other people, and instead create a separate account. That would make all the efforts and complexity required to implement app-level encryption a waste.

It seems to me the main use case for app-level encryption is sharing devices or leaving devices unlocked in the family home, which even app-level encryption can’t protect from (if the device is unlocked anyone can install a keylogger, etc.).

sciurius · 2019-09-21T17:41:12.278Z

If that were true, why do companies like Samsung provide things like “secure folder”?

Also, files on external SD card are not encrypted.

tessus · 2019-09-21T18:44:31.777Z

sciurius:

Also, files on external SD card are not encrypted.

This is only partly true. e.g. if you move an application to the SD card, an individually encrypted container is created, which means this app can only be run on that very phone.
But if you just move any data from internal to external, then it will not be encrypted unless your device encrypts SD cards.

vb0 · 2019-09-21T19:11:14.789Z

Secure folder/Knox was born as an Enterprise feature to separate the work and personal use of the phone. If you would install for example some game from some shady developers and gave it permissions to read the file-system still it wouldn’t be able to grab the work documents you manage inside Knox for example.

People don’t realize how unreachable are the files until the need to access them appears. See here: Lost 1.5 Months of Notes/Where does Joplin store notes in Android File System? . No special configuration, encryption or anything (even if not stated explicitly just a normal, run of the mill Android phone). Still even THE OWNER OF THE PHONE WITH THE PHONE UNLOCKED, running anything (including the OS file manager) won’t be able to grab the files saved by Joplin.

I think a good compromise for the phones would be to enable in the app the option to use the fingerprint or whatever bio-metrics or pin the phone has. It won’t have all the usual trouble with how to make sure the user doesn’t forget the pin or how to reset it and so on (as it has to manage it for the phone already) and even if the actual security benefits would be minimal the perception boost in the eyes of people who think “this is terribly insecure, anybody can read my notes” would be huge.

sciurius · 2019-09-23T08:22:51.661Z

Summarizing, there seem to be multiple (at least two) levels of protection.

First, and major, protection is when the device is off, or at the lock screen. All data should be 100% safe at this point. (Occasionally we do hear about phones getting broken into, e.g. by the police. This makes me doubt the 100% safety.)

Second, when the phone is unlocked and you temporarily give it to someone else, e.g. a friend to make a phonecall, or view some pictures. In this case I would still want an additional layer of protection for certain sensitive data.
Yes, I know, I should make a guest account for this and switch to the guest account before handing out the phone, but this is tedious and you can be sure you forget to make the things that you want to share available to guests...

And we must keep in mind that beneath all apps is a support layer (Google Services) that is capable of doing literally anything. It has all access to everything. A malicious app running under a guest account could gain access to sensitive data using the Google Services -- we just do not know and hence we can not be sure.

vb0:

Still even THE OWNER OF THE PHONE WITH THE PHONE UNLOCKED, running anything (including the OS file manager) won’t be able to grab the files saved by Joplin.

For this reason, procedures to root a device usually include disabling the storage encrypion.

vb0 · 2019-09-23T08:52:52.724Z

sciurius:

Second, when the phone is unlocked and you temporarily give it to someone else, e.g. a friend to make a phonecall, or view some pictures. In this case I would still want an additional layer of protection for certain sensitive data.

This is not "encrypted notes", it's "protected notes", it is some kind of access control. I did agree previously (see my post) that it would be a good idea to implement - I presume its API is pretty straightforward to use and just ask for the normal phone credentials (many, many apps do it, the phone is unlocked but asks for pin or fingerprint to go into onenote or the banking app or whatever). Also is much easier to support as you don't need to care about how to recover it if the user forgets the password or something like that, everything is implemented in phone's OS and if they can't unlock the phone they already have bigger problems...

sciurius:

For this reason, procedures to root a device usually include disabling the storage encrypion.

It's even worse nowadays, for the device (not the SD card) I don't think there are still mainstream devices where you can disable the encryption. And even more if you even can root it at all the procedure involves first unlocking the bootloader (again if possible at all, it probably isn't for the vast majority of devices) and this comes with a full wipe of the device. Sure, after you could install your own OS and do anything (including presumably something without encryption at all) but there is not way to decrypt what is already there.

sciurius · 2019-09-23T10:18:16.198Z

Yes, rooting implies a full wipe. Which is not unreasonable .
However it is (sometimes? often? always?) possible to install stock os on top of a custom boot loader that bypasses the encryption. If you do not root it, this results in a device that is in all aspects identical to the unmodified version, but without the encryption. (Samsung users: and without Knox.)

But we're getting a bit off-topic.

saraparker · 2019-09-30T17:07:15.393Z

I Think there is nothing secure. Even the deleted folder can be accessible, Then how a file will be safer in lock folders like that.

sciurius · 2019-09-30T17:27:28.340Z

I've created an app that contains one encrypted file. Only with the right passphrase the contents of the file will be decrypted and shown.
Given that industrial grade AES encryption is used, I consider this safe. Safe enough.
Of course, the passphrase is on a stickie note attached to my screen .