Wire-android: Feature request: Encrypt app data with SQLCipher

Created on 29 Jul 2016  路  4Comments  路  Source: wireapp/wire-android

Android full disk encryption is optional for many versions and not sufficiently safe for high-risk scenarios.
See: https://guardianproject.info/code/sqlcipher/

enhancement

Most helpful comment

the problem without app-level encryption is, that you have to rely on system-level encryption which is in terms of Android pretty bad. You have to turn off your device to actually have encrypted data and that's not really an option for most of the cases. It holds the encryption key in system memory while turned on and state level attackers just extract that keys with special devices from Cellebrite.
I would prefer a solution similar to SMS Secure, Signal or even Wickr.
It's worth to protect the data on app-level basis if we talk about contacts, chat protocols and similar revealing information (looking at you TSA, german police for asylum seekers and other adversaries...)

All 4 comments

This is a question of threat model: encrypting data at rest only makes sense if it is done with a key that has enough entropy.
In the case of a messenger this would mean that you have to enter a long password very frequently (considered bad UX by most) and also that some background operations cannot be carried out because of the missing key (equally bad UX, if not worse).

Why not simply rely on the Android KeyStore API to generate high-entropy keys that are stored in hardware and cannot be extracted via software or hardware means.

https://developer.android.com/training/articles/keystore.html

the problem without app-level encryption is, that you have to rely on system-level encryption which is in terms of Android pretty bad. You have to turn off your device to actually have encrypted data and that's not really an option for most of the cases. It holds the encryption key in system memory while turned on and state level attackers just extract that keys with special devices from Cellebrite.
I would prefer a solution similar to SMS Secure, Signal or even Wickr.
It's worth to protect the data on app-level basis if we talk about contacts, chat protocols and similar revealing information (looking at you TSA, german police for asylum seekers and other adversaries...)

Hi.

This issue is very old and I decided to close it (we're trying to clean up our GitHub issues). As far as I know, we don't plan to implement this feature (we rely on Android), but recently we improved client security with passphrase and (for special builds) with the possibility to erase all data if the device is rooted or the passphrase was typed incorrectly many times.
If you think this is still relevant, please open a new ticket.

Cheers,

Was this page helpful?
0 / 5 - 0 ratings

Related issues

ghsrcgh picture ghsrcgh  路  3Comments

azlux picture azlux  路  3Comments

juliss95 picture juliss95  路  4Comments

MakisH picture MakisH  路  8Comments

luckyraul picture luckyraul  路  4Comments