Show a warning (graphical) if someone changes "Settings" when all the vaults are locked #574
Comments
serrq
changed the title
serrq
changed the title
|
For the same reason: "add a new vault" (creating) should be possible only when at least a pre-existant vault is opened. An app (local) pin (six digits) can solve these issues effectively. |
|
An app (local) pin also prevent that unauthorized actors can deleting a vault. But it remains always possible to do it via file manager, so this poses a serious reasoning on security. Are administrator privileges necessary to prevent unauthorized actors from erasing a vault? |
|
#13 is not exactly the same but I think this could be an option that the complete app is locked with a pin and only when entered, it can be accessed.
Someone with access e.g. to your (cloud) files can delete the vault at anytime. On the device itself you need to go through the UI of the app or need root access to make changes in the database but also have a look at our security-target. |
|
Device side: With "you" you mean any entity with capability (fingers, human) to touch, physically, the screen UI? |
Yes, the screen UI of the Cryptomator Android app. |
Please agree to the following
Summary
Security (potential risk)
Motivation
I noticed that it is possible changing some app settings without a password.
So when a user, temporarily lose the device control, anyone can changes app behaviors without user awareness.
Put a graphical warning in the home directory (when settings change) resettable only after provided a master password or a local pin.
Considered Alternatives
No response
Anything else?
No response
The text was updated successfully, but these errors were encountered: