Cketti, Thanks for your reply, those are some valid points you made. My main concern over all of this is that there are a large number of people that use k-9 mail on a rooted phone that (like me for the last year) don't realize the security vulnerability of using this mail app. Bottom line, probably 2 min tops in a file manager of having someone's rooted phone in my hand with k-9 mail installed, I have their email passwords. Same goes for any app with root access.
If, on the other hand, you are using an app such as r2mail2, which encrypts passwords via Android's keystore system and briefly decrypts / re-encrypts as communication with the mail server is needed, this is simply nowhere near the same level of risk. The attack vector becomes complicated greatly as Android's keystore utilizes kernel level hardware trust zones which limit which apps have access to which encrypted information. Of course. Or, as the way email security is going these days, using an OAuth system where tokens are stored on phone for logins and are worthless to attackers completely unless they are signing in via that device and even then they are limited to that one email account such as, say Gmail, rather than having a password for an entire Google account.

There is no such thing as perfect security. If someone wants your passwords bad enough, they will get them. Our job as users and hopefully the job of app developers is to exponentially increase the effort it takes to steal information. Sure, someone could throw a rock through my sliding door to get in my house, but I cut dowels and place them in the tracks to decrease the number of potential attack vectors.

I would love to lend a hand if I knew more about coding, but I'm not a programmer :( I agree that simply having a master password to prevent access into k-9 is only a tiny bit of security (probably a huge leap forward in privacy however) but, encrypting passwords through at least a somewhat secure keystore type method should be open priority for this app right now. This doesn't just affect rooted users, as any phone can become rooted and there are exploits that can subvert Android's root based security model anyways. K-9's mail server passwords should NOT be stored in plain text. I believe the vast amount of users agree with me on this.
Actually, the first priority for k-9 at this point should be a warning that pops up prior to mail server passwords being entered that highlights the security risk they are about to embark on. Priority #2 should be fixing this obvious security hole.

On Friday, September 4, 2015 at 5:21:56 AM UTC-7, cketti wrote:
>
> The following scenarios are not covered by Android's or K-9 Mail's
> security model:
> - protecting against apps with root access
> - protecting against local attackers when the phone is unlocked
>
> So yes, if you grant root access to an app it will be able to read your
> passwords stored by K-9 Mail. If someone gets access to your phone while
> it's unlocked they can read your mail and with some effort get your
> passwords.
> A master password might make it a bit more difficult for attackers, but it
> doesn't protect you either. If an app has root it can simply modify K-9
> Mail's code to send out the decrypted passwords once the user has entered
> the master password. A master password might protect you in the situation
> when someone has access to your phone while it is unlocked but K-9 Mail is
> locked. To me that tiny bit of added security doesn't warrant the effort of
> implementing encrypted passwords. That being said, K-9 Mail is an open
> source app and we welcome contributions.
>
> -cketti
>
>
> On 04.09.2015 01:33, notlisted notlisted wrote:
>
> I disagree. Putting my password in base64 is NOT the most they could
> do.... If your phone is rooted, ANY other app with root access can access
> the preferences_storage database file and wa-lah it has your passwords.
> Also, obviously 30 seconds on a file manager someone can locate the file
> and pull passwords from it easily.
>
> As for a non-rooted phone, yes we have permission structure standing
> between my password and the world. Personally I would rather have something
> more than that. All someone has to do at that point is root your stolen
> phone and boom- has your passwords, or, some malicious software could use
> an exploit of some sort and masquerade as a system app and bam, your
> passwords are stolen, or someone could 'hey let me borrow your phone a
> sec', plug in usb do adb backup and yes you guessed it, bam has your
> passwords...
>
> Seems like the smart thing to do with someone's password that they are
> trusting your application with is to..... encrypt it with a master
> password? Yet after years of this feature being requested it remains to be
> seen implemented....
>
> Also, encrypting your entire phone through the android option doesn't
> really help with any of this much either. If your phone is rooted, the
> above remains unchanged, but with a non-rooted phone it becomes a bit more
> complicated in getting to the preferences_storage file, yet far from
> impossible as from most devices you can do an adb backup while the phone is
> on (user already entered their decryption password) and pull the data off
> that way, unencrypted.
>
> k-9 just needs to implement mail password encryption with a master
> password. I'm perplexed as to why this hasn't been done yet...
>
> On Tuesday, November 19, 2013 at 11:40:45 PM UTC-8, dnet wrote:
>>
>> It depends what you consider secure. (Disclaimer: I have some commits in
>> K-9 code, but I wouldn't call myself a K-9 mail developer, and my views
>> don't represent theirs.)
>>
>> If you'd like to know if the K-9 mail developers did everything they can
>> to protect the passwords from other applications, the answer is yes. If
>> the OS is running, 3rd party applications would have a hard time
>> accessing your K-9 mail credentials.
>>
>> However, if you'd ask whether your password is extractable if your phone
>> is stolen or lost, that's another issue. An issue that has nothing to do
>> with K-9 mail and everything to do with your setup. If your device
>> (phone, tablet, whatever) doesn't require a password at boot (not a PIN
>> for the SIM card, a real password for the OS), your storage is not
>> encrypted, thus a sufficiently skilled attacker can get any of your apps
>> data, including K-9 mail credentials.
>>
>> Sure, a simple screen lock pattern can deter an everyday person from
>> getting access, and with security, you always have to start with what
>> kind of attacker you'd like to protect yourself against. If it's just
>> malicious apps that don't have last month's privilege escalation
>> exploit, or the next door kid with no security knowledge, you're
>> probably OK.
>>
>> Cheers,
>> András Veres-Szentkirályi
>>
>> On Tue, Nov 19, 2013 at 10:33:01PM -0800, [email protected] wrote:
>> > Hello,
>> >
>> > Please, I want to know if the passwords of the accounts are securely
>> > stored on the device?
>> >
>> > Thank you.

--
You received this message because you are subscribed to the K-9 Mail Users List.
To post to this group, send email to [email protected] To unsubscribe, email [email protected] To report an issue with K-9 Mail, visit http://code.google.com/p/k9mail/issues/list For more options, visit this group at http://groups.google.com/group/k-9-mail --- You received this message because you are subscribed to the Google Groups "K-9 Mail" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
