GrapheneOS / Camera

Modern camera app focused on privacy and security with QR & barcode scanning.
https://grapheneos.org/
MIT License

toggle to password-encrypt pictures/videos without saving original #476

Closed Lppsoeht closed 5 hours ago

Lppsoeht commented 6 hours ago

Toggle to encrypt with a passphrase pics/vids taken within a camera app session. Preferably by using a strong encryption algo such as AES 256.

thestinger commented 5 hours ago

From our perspective at least, this kind of feature belongs in a dedicated app reusable across apps rather than in the Camera app. The intended way to do this is to set the storage location to an app-based storage provider providing an encrypted storage container, and therefore it's already provided on the Camera app side but requires an app doing that. We don't know if there's an existing app doing that but we have an existing plan to make one. However, it's becoming a much lower priority with features like Private Space and the upcoming extra data class for keeping data at rest when locked without needing to use the keystore.

Lppsoeht commented 5 hours ago

Understandable, thanks. From my understanding of the Private Space feature, it'll be kind of like using another profile, just encapsulated. Also, officially I heard it'll ask for a Google account for better data protection, but I guess you'll solve that. What is the upcoming data class for keeping things at rest? Isn't that the whole concept of MTE? Didn't find anything.

thestinger commented 5 hours ago

The Private Space can be locked and therefore can support encryption with a separate key but we don't think it does that in a meaningful way yet. We'll need to take a close look at it and figure out if it does that and how it's done.

thestinger commented 5 hours ago

> What is the upcoming data class for keeping things at rest? Isn't that the whole concept of MTE? Didn't find anything.

I'm referring to the fact that Android is adding an iOS style opt-in data class for apps marking data as at rest when the device is locked, which is currently the biggest reason for apps to provide their own layer of encryption. It can already be done via the hardware keystore for another layer of encryption but it will be possible to use disk encryption for it. It doesn't cover the use case of keeping it at rest while the user is unlocked but the Private Space could evolve to do that.

thestinger commented 5 hours ago

We've had a plan to make an app providing a Storage Access Framework provider and storing it in an encrypted container which would be protected with the keystore for keeping data at rest while the device is locked. It would also be able to support additional encrypted containers with passphrases. The new data class that's being developed is going to partly obsolete the main default container we were going to provide with that since apps could use that themselves, but an app for this would still be useful and we could implement the main encrypted container with the new feature once it's available instead of the keystore.

Lppsoeht commented 5 hours ago

Thanks for the valuable info, it looks quite promising. The only Android app I know of with similar features as desktop VeraCrypt is Cryptomator, but I remember it discouraged enabling the "experimental" option to make the unlocked directories readable by other apps.