Thanks. What you say all makes sense.  However, I would submit that one
cannot assume the average user does not have 20+ accounts in K9, unless you
have some data to back up that assumption? The average user would be using
the stock email app, not the excellent K9 :-)

Regarding passwords, all the ones I have to deal with are randomly
generated, wildly different from each other, usually at least 16 characters
and so not easy to remember.  The phone is protected by fingerprint and
PIN.  Would it not be possible to request from the operating system a
security check before exporting the file?  There is an API hook
<https://developer.android.com/about/versions/marshmallow/android-6.0.html#fingerprint-authentication>
to do this, and other apps can do it.  Once authenticated, ask for a
password to encrypt the settings.  If the user has no lock on the phone and
no fingerprint sensor, then K9 could export without the passwords, and give
a warning to this effect.

Also, if the phone can import settings from cloud storage (e.g. Dropbox), it
should have the ability to export there too. :-)

Warmest regards,

Brian


On 10 November 2016 at 12:25, Philip Whitehouse <phi...@whiuk.com> wrote:

> On 2016-11-10 11:05, finbarr69 wrote:
>
>> In migrating from one phone to another, we want it to be as easy as
>> possible.  I used the Helium app to backup all the apps (and their
>> data) and restore them, but sadly it didn't backup the K9 data,
>> presumably because it stores it in a non-standard way?
>>
>
> The data is stored in an SQL database, the account settings are stored in
> device preferences. It's all pretty standard.
>
> Storing the settings in account preferences means it is encrypted (and
> fairly difficult to get to from another app).
>
> I would guess Helium doesn't back-up preferences. I would be surprised if
> it had access on a non-rooted phone frankly.
>
>
>> So, plan B, export then import.  Export has its problems because it
>> only exports to the local filesystem, not to Dropbox or SD (though,
>> Import has the ability to import from Dropbox or SD).  Anyway, using
>> a file manager app, I managed to find and copy the exported file over
>> to Dropbox and import it on the new phone.  BUT... I then have to
>> re-input all my email passwords.  This is very tedious when I've 20
>> email accounts in K9 and the passwords are all very obscure and
>> different :-)
>>
>> So, here's my feature request.  Please can the account passwords be
>> included in the export?  Even if we have to encrypt the export with a
>> master password, this would really help when migrating phones.
>> Please also can we have the option to send the exported file to
>> Dropbox (or wherever, same as the import options are?).
>>
>>
> The question here is what is the threat model.
>
> 1. The file itself could be intercepted.
>
> This makes the master password idea seem reasonable. Encrypting the file
> prevents it being used.
>
> 2. The act of exporting the settings is the vulnerability.
>
> If you grab someone's phone, right now there is no way to retrieve the
> account password.
>
> If we add this feature, there will be. Simply export the file with a
> master password, then decrypt the file using that password. There is no way
> to prevent this.
>
> You could argue that device security is the responsibility of the phone
> password. But equally file security is the responsibility of the user.
>
> Who is 'we' here? I would suggest having 20 accounts on K-9 is a rare
> case. And having a password you can't remember is generally not normal
> practice anyway.
>
> I feel like this is an edge case that doesn't justify the code or the
> insecurity.
>
>
>> Oh, also an easier way to move the accounts up or down would be
>> appreciated.  Drag and drop would be ideal.  At present one has to
>> long hold on an account and press Move Up (or Move down) and then
>> repeat it until the desired position is achieved (then repeat for all
>> the other accounts).
>>
>
> I don't have a problem with this - I would guess you'd enable a re-order
> mode. I have no idea about how easy it is to implement.
>
>
>> I'd be happy to make a donation if it helps.
>>
>
> Personally not for me - maybe for some of the other developers or someone
> else willing to do it contract-style.
>
>
>> Thanks!
>>
>> Brian
>>
>>  --
>>  You received this message because you are subscribed to the Google
>> Groups "K-9 Mail" group.
>>  To unsubscribe from this group and stop receiving emails from it,
>> send an email to k-9-mail+unsubscr...@googlegroups.com.
>>  For more options, visit https://groups.google.com/d/optout [1].
>>
>>
>> Links:
>> ------
>> [1] https://groups.google.com/d/optout
>>