Re: [k-9-mail] Feature Request: Export should include account passwords and go to cloud

2016-11-25 Thread finbarr69
OK, well, I got a temporary phone because mine was going away for a screen
repair.  So I had to migrate everything and that included backing up K9 etc
onto a temporary phone, then when I restored it and put in all the
passwords, I found that K9 didn't tell me some of the passwords were wrong
(maybe I mistyped), but simply there were no emails in those accounts.
It was a while before I noticed a message in my notifications that there
was a certificate error for those accounts whose passwords I had got
wrong.  Clearly it wasn't a certificate error and when I entered the
correct passwords, those notifications cleared and email started flowing
again.

Then 6 days later when my repaired phone came back I had to repeat the
process.

I do IT support for a living, so imagine my pain when customers bring me
their mobiles to be transferred and I've got to go through all this palaver
with K9 every time.  That's where I'm coming from.  Having the passwords in
the exported backup just makes sense to me.  The phone owner takes care of
the security of the phone.  Job done.

Warmest regards,

Brian


On 13 November 2016 at 13:24, Philip Whitehouse  wrote:

> Export to Dropbox etc I have no problem with.
>
> On the password issue I'm still against it:
>
> Yes, you could check for fingerprints. Of course this area is barely
> standardised. Samsung for instance I believe have their own API. Or at
> least had. And it only exists on newer phones. So even before you start
> you're limiting yourself.
>
> The 20 accounts thing was a serious point. To me exporting settings is
> something a user does maybe once a year to upgrade phones. Entering a
> couple of passwords once a year is not particularly onerous.
>
> I asked you to clarify 'we' because I'm genuinely trying to work out why
> it's worth K-9 developers adding and then maintaining this feature.
>
> Cost of developing it is probably small in comparison to cost of
> maintenance. K-9 has lots of settings, and these settings can interact in
> odd ways. Often it is that interaction that causes issues.
>
> And while I'm not against a configurable app, I'm also opposed to adding
> more dialogues and UX to functionality. That K-9 is not suitable for the
> average user is a problem to me, not a selling point.
>
> So adding a dialog and security check and file encryption then maintaining
> that indefinitely so a user doesn't have to verify they know the password
> to their own email account at most once a year... Yeah I don't see it.
>
> - Philip
>
>
> On November 13, 2016 12:58:43 PM GMT+00:00, finbarr69 
> wrote:
>>
>> Thanks. What you say all makes sense.  However, I would submit that one
>> cannot assume the average user does not have 20+ accounts in K9, unless you
>> have some data to back up that assumption? The average user would be using
>> the stock email app, not the excellent K9 :-)
>>
>> Regarding passwords, all the ones I have to deal with are randomly
>> generated, wildly different from each other, usually at least 16 characters
>> and so not easy to remember.  The phone is protected by fingerprint and
>> pin.  Would it not be possible to request from the operating system a
>> security check before exporting the file?  There is an API hook
>> to do this, and other apps can do it.  Once authenticated, ask for a
>> password to encrypt the settings.  If the user has no lock on the phone and
>> no fingerprint sensor, then K9 could export without the passwords, and give
>> a warning to this effect.
>>
>> Also, if the phone can import settings from cloud storage (eg Dropbox),
>> it should have the ability to export there too. :-)
>>
>> Warmest regards,
>>
>> Brian
>>
>>
>> On 10 November 2016 at 12:25, Philip Whitehouse  wrote:
>>
>>> On 2016-11-10 11:05, finbarr69 wrote:
>>>
>>>> In migrating from one phone to another, we want it to be as easy as
>>>> possible.  I used the Helium app to backup all the apps (and their
>>>> data) and restore them, but sadly it didn't backup the K9 data,
>>>> presumably because it stores it in a non-standard way?

>>>
>>> The data is stored in an SQL database, the account settings are stored
>>> in device preferences. It's all pretty standard.
>>>
>>> Storing the settings in account preferences means it is encrypted
>>> (and fairly difficult to get to from another app).
>>>
>>> I would guess Helium doesn't back-up preferences. I would be surprised
>>> if it had access on a non-rooted phone frankly.
>>>
>>>
>>>> So, plan B, export then import.  Export has its problems because it
>>>> only exports to the local filesystem, not to Dropbox or SD (though,
>>>> Import has the ability to import from Dropbox or SD).  Anyway, using
>>>> a file manager app, I managed to find and copy the exported file over
>>>> to Dropbox and import it on the new phone.  BUT... I then have to
 

Re: [k-9-mail] Feature Request: Export should include account passwords and go to cloud

2016-11-13 Thread Philip Whitehouse
Export to Dropbox etc I have no problem with. 

On the password issue I'm still against it:

Yes, you could check for fingerprints. Of course this area is barely 
standardised. Samsung for instance I believe have their own API. Or at least 
had. And it only exists on newer phones. So even before you start you're 
limiting yourself. 

The 20 accounts thing was a serious point. To me exporting settings is 
something a user does maybe once a year to upgrade phones. Entering a couple of 
passwords once a year is not particularly onerous. 

I asked you to clarify 'we' because I'm genuinely trying to work out why it's 
worth K-9 developers adding and then maintaining this feature. 

Cost of developing it is probably small in comparison to cost of maintenance. 
K-9 has lots of settings, and these settings can interact in odd ways. Often it 
is that interaction that causes issues. 

And while I'm not against a configurable app, I'm also opposed to adding more 
dialogues and UX to functionality. That K-9 is not suitable for the average 
user is a problem to me, not a selling point. 

So adding a dialog and security check and file encryption then maintaining that 
indefinitely so a user doesn't have to verify they know the password to their 
own email account at most once a year... Yeah I don't see it. 

- Philip

On November 13, 2016 12:58:43 PM GMT+00:00, finbarr69  
wrote:
>Thanks. What you say all makes sense.  However, I would submit that one
>cannot assume the average user does not have 20+ accounts in K9, unless you
>have some data to back up that assumption? The average user would be using
>the stock email app, not the excellent K9 :-)
>
>Regarding passwords, all the ones I have to deal with are randomly
>generated, wildly different from each other, usually at least 16 characters
>and so not easy to remember.  The phone is protected by fingerprint and
>pin.  Would it not be possible to request from the operating system a
>security check before exporting the file?  There is an API hook
>to do this, and other apps can do it.  Once authenticated, ask for a
>password to encrypt the settings.  If the user has no lock on the phone and
>no fingerprint sensor, then K9 could export without the passwords, and give
>a warning to this effect.
>
>Also, if the phone can import settings from cloud storage (eg Dropbox), it
>should have the ability to export there too. :-)
>
>Warmest regards,
>
>Brian
>
>
>On 10 November 2016 at 12:25, Philip Whitehouse wrote:
>
>> On 2016-11-10 11:05, finbarr69 wrote:
>>
>>> In migrating from one phone to another, we want it to be as easy as
>>> possible.  I used the Helium app to backup all the apps (and their
>>> data) and restore them, but sadly it didn't backup the K9 data,
>>> presumably because it stores it in a non-standard way?
>>>
>>
>> The data is stored in an SQL database, the account settings are stored in
>> device preferences. It's all pretty standard.
>>
>> Storing the settings in account preferences means it is encrypted (and
>> fairly difficult to get to from another app).
>>
>> I would guess Helium doesn't back-up preferences. I would be surprised if
>> it had access on a non-rooted phone frankly.
>>
>>
>>> So, plan B, export then import.  Export has its problems because it
>>> only exports to the local filesystem, not to Dropbox or SD (though,
>>> Import has the ability to import from Dropbox or SD).  Anyway, using
>>> a file manager app, I managed to find and copy the exported file over
>>> to Dropbox and import it on the new phone.  BUT... I then have to
>>> re-input all my email passwords.  This is very tedious when I've 20
>>> email accounts in K9 and the passwords are all very obscure and
>>> different :-)
>>>
>>> So, here's my feature request.  Please can the account passwords be
>>> included in the export?  Even if we have to encrypt the export with a
>>> master password, this would really help when migrating phones.
>>> Please also can we have the option to send the exported file to
>>> Dropbox (or wherever, same as the import options are?).
>>>
>>>
>> The question here is what is the threat model.
>>
>> 1. The file itself could be intercepted.
>>
>> This makes the master password idea seem reasonable. Encrypting the file
>> prevents it being used.
>>
>> 2. The act of exporting the settings is the vulnerability.
>>
>> If you grab someone's phone, right now there is no way to retrieve the
>> account password.
>>
>> If we add this feature, there will be. Simply export the file with a
>> master password, then decrypt the file using that password. There is no way
>> to prevent this.
>>
>> You could argue that device security is the responsibility of the phone
>> password. But equally file security is the responsibility of the user.
>>
>> Who is 'we' here? I would suggest having 20 accounts on K-9 is a

Re: [k-9-mail] Feature Request: Export should include account passwords and go to cloud

2016-11-13 Thread finbarr69
Thanks. What you say all makes sense.  However, I would submit that one
cannot assume the average user does not have 20+ accounts in K9, unless you
have some data to back up that assumption? The average user would be using
the stock email app, not the excellent K9 :-)

Regarding passwords, all the ones I have to deal with are randomly
generated, wildly different from each other, usually at least 16 characters
and so not easy to remember.  The phone is protected by fingerprint and
pin.  Would it not be possible to request from the operating system a
security check before exporting the file?  There is an API hook
to do this, and other apps can do it.  Once authenticated, ask for a
password to encrypt the settings.  If the user has no lock on the phone and
no fingerprint sensor, then K9 could export without the passwords, and give
a warning to this effect.

Also, if the phone can import settings from cloud storage (eg Dropbox), it
should have the ability to export there too. :-)

Warmest regards,

Brian


On 10 November 2016 at 12:25, Philip Whitehouse  wrote:

> On 2016-11-10 11:05, finbarr69 wrote:
>
>> In migrating from one phone to another, we want it to be as easy as
>> possible.  I used the Helium app to backup all the apps (and their
>> data) and restore them, but sadly it didn't backup the K9 data,
>> presumably because it stores it in a non-standard way?
>>
>
> The data is stored in an SQL database, the account settings are stored in
> device preferences. It's all pretty standard.
>
> Storing the settings in account preferences means it is encrypted (and
> fairly difficult to get to from another app).
>
> I would guess Helium doesn't back-up preferences. I would be surprised if
> it had access on a non-rooted phone frankly.
>
>
>> So, plan B, export then import.  Export has its problems because it
>> only exports to the local filesystem, not to Dropbox or SD (though,
>> Import has the ability to import from Dropbox or SD).  Anyway, using
>> a file manager app, I managed to find and copy the exported file over
>> to Dropbox and import it on the new phone.  BUT... I then have to
>> re-input all my email passwords.  This is very tedious when I've 20
>> email accounts in K9 and the passwords are all very obscure and
>> different :-)
>>
>> So, here's my feature request.  Please can the account passwords be
>> included in the export?  Even if we have to encrypt the export with a
>> master password, this would really help when migrating phones.
>> Please also can we have the option to send the exported file to
>> Dropbox (or wherever, same as the import options are?).
>>
>>
> The question here is what is the threat model.
>
> 1. The file itself could be intercepted.
>
> This makes the master password idea seem reasonable. Encrypting the file
> prevents it being used.
>
> 2. The act of exporting the settings is the vulnerability.
>
> If you grab someone's phone, right now there is no way to retrieve the
> account password.
>
> If we add this feature, there will be. Simply export the file with a
> master password, then decrypt the file using that password. There is no way
> to prevent this.
>
> You could argue that device security is the responsibility of the phone
> password. But equally file security is the responsibility of the user.
>
> Who is 'we' here? I would suggest having 20 accounts on K-9 is a rare
> case. And having a password you can't remember is generally not normal
> practice anyway.
>
> I feel like this is an edge case that doesn't justify the code or the
> insecurity.
>
>
>> Oh, also an easier way to move the accounts up or down would be
>> appreciated.  Drag and drop would be ideal.  At present one has to
>> long hold on an account and press Move Up (or Move down) and then
>> repeat it until the desired position is achieved (then repeat for all
>> the other accounts).
>>
>
> I don't have a problem with this - I would guess you'd enable a re-order
> mode. I have no idea about how easy it is to implement.
>
>
>> I'd be happy to make a donation if it helps.
>>
>
> Personally not for me - maybe for some of the other developers or someone
> else willing to do it contract-style.
>
>
>> Thanks!
>>
>> Brian
>>
>>  --
>>  You received this message because you are subscribed to the Google
>> Groups "K-9 Mail" group.
>>  To unsubscribe from this group and stop receiving emails from it,
>> send an email to k-9-mail+unsubscr...@googlegroups.com.
>>  For more options, visit https://groups.google.com/d/optout [1].
>>
>>
>> Links:
>> --
>> [1] https://groups.google.com/d/optout
>>
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "K-9 Mail" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/to
> pic/k-9-mail/L8k4qdMZ-vk/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> 

Re: [k-9-mail] Feature Request: Export should include account passwords and go to cloud

2016-11-10 Thread Philip Whitehouse

On 2016-11-10 11:05, finbarr69 wrote:

> In migrating from one phone to another, we want it to be as easy as
> possible.  I used the Helium app to backup all the apps (and their
> data) and restore them, but sadly it didn't backup the K9 data,
> presumably because it stores it in a non-standard way?


The data is stored in an SQL database, the account settings are stored 
in device preferences. It's all pretty standard.


Storing the settings in account preferences means it is encrypted
(and fairly difficult to get to from another app).


I would guess Helium doesn't back-up preferences. I would be surprised 
if it had access on a non-rooted phone frankly.




> So, plan B, export then import.  Export has its problems because it
> only exports to the local filesystem, not to Dropbox or SD (though,
> Import has the ability to import from Dropbox or SD).  Anyway, using
> a file manager app, I managed to find and copy the exported file over
> to Dropbox and import it on the new phone.  BUT... I then have to
> re-input all my email passwords.  This is very tedious when I've 20
> email accounts in K9 and the passwords are all very obscure and
> different :-)
>
> So, here's my feature request.  Please can the account passwords be
> included in the export?  Even if we have to encrypt the export with a
> master password, this would really help when migrating phones.
> Please also can we have the option to send the exported file to
> Dropbox (or wherever, same as the import options are?).



The question here is what is the threat model.

1. The file itself could be intercepted.

This makes the master password idea seem reasonable. Encrypting the file 
prevents it being used.


2. The act of exporting the settings is the vulnerability.

If you grab someone's phone, right now there is no way to retrieve the 
account password.


If we add this feature, there will be. Simply export the file with a 
master password, then decrypt the file using that password. There is no 
way to prevent this.


You could argue that device security is the responsibility of the phone 
password. But equally file security is the responsibility of the user.


Who is 'we' here? I would suggest having 20 accounts on K-9 is a rare 
case. And having a password you can't remember is generally not normal 
practice anyway.


I feel like this is an edge case that doesn't justify the code or the 
insecurity.




> Oh, also an easier way to move the accounts up or down would be
> appreciated.  Drag and drop would be ideal.  At present one has to
> long hold on an account and press Move Up (or Move down) and then
> repeat it until the desired position is achieved (then repeat for all
> the other accounts).


I don't have a problem with this - I would guess you'd enable a re-order 
mode. I have no idea about how easy it is to implement.




> I'd be happy to make a donation if it helps.


Personally not for me - maybe for some of the other developers or 
someone else willing to do it contract-style.




> Thanks!
>
> Brian



[k-9-mail] Feature Request: Export should include account passwords and go to cloud

2016-11-10 Thread finbarr69
In migrating from one phone to another, we want it to be as easy as 
possible.  I used the Helium app to backup all the apps (and their data) 
and restore them, but sadly it didn't backup the K9 data, presumably 
because it stores it in a non-standard way?

So, plan B, export then import.  Export has its problems because it only 
exports to the local filesystem, not to Dropbox or SD (though, Import has 
the ability to import from Dropbox or SD).  Anyway, using a file manager 
app, I managed to find and copy the exported file over to Dropbox and 
import it on the new phone.  BUT... I then have to re-input all my email 
passwords.  This is very tedious when I've 20 email accounts in K9 and the 
passwords are all very obscure and different :-)

So, here's my feature request.  Please can the account passwords be 
included in the export?  Even if we have to encrypt the export with a 
master password, this would really help when migrating phones.  Please also 
can we have the option to send the exported file to Dropbox (or wherever, 
same as the import options are?).

Oh, also an easier way to move the accounts up or down would be 
appreciated.  Drag and drop would be ideal.  At present one has to long 
hold on an account and press Move Up (or Move down) and then repeat it 
until the desired position is achieved (then repeat for all the other 
accounts).

I'd be happy to make a donation if it helps.

Thanks!

Brian
