Kunzisoft / KeePassDX

Lightweight vault and password manager for Android. KeePassDX allows editing encrypted data in a single file in KeePass format and filling in forms in a secure way.
https://www.keepassdx.com/
GNU General Public License v3.0

Allow the app to continue in background even when swiped away. #1334

Open ThoriumTextile opened 2 years ago

ThoriumTextile commented 2 years ago

Hello. I often tend to close all background apps to free up memory, but with KPDX, doing so closes the database. AFAIK there's no setting to allow the app to daemon-ify.

J-Jamet commented 2 years ago

This is what the application did several versions ago, but I was asked to do the opposite, which seemed to make more sense because the user is unequivocally asking to kill the application.

Maybe the easiest way is to put a setting in the parameters to let the user choose what is best for him.

ThoriumTextile commented 2 years ago

That's exactly what I mean. If you or some other contributor were to create a PR to implement this setting, it would be fantastic.

> On May 19, 2022 10:19:45 AM GMT+02:00, Jérémy JAMET wrote:
>
> This is what the application did several versions ago, but I was asked to do the opposite, which seemed to make more sense because the user is unequivocally asking to kill the application.
>
> Maybe the easiest way is to put a setting in the parameters to let the user choose what is best for him.


J-Jamet commented 2 years ago

Planned for version 4.0.0 as it will require structural changes.

kraoli commented 2 years ago

> Hello. I often tend to close all background apps to free up memory, but with KPDX, doing so closes the database. AFAIK there's no setting to allow the app to daemon-ify.

May I ask kindly about your use case? And is it just a habit to close all apps? I don't understand the benefit when having automatic memory management. Do you leave keepass unlocked all the time?

I'm one of those people who thinks features like leaving it unlocked by a background daemon are dangerous in a sec product. Even as an option.

You will never be sure if the app is closed/locked when it's closed. And couldn't it make new problems possible due to a more complex software architecture?

deron-dev commented 1 year ago

This would be a nice option to have, but it should definitely be opt-in in my opinion. I have my databases set to lock after a given time, but I don't want to have to keep the app open in the foreground during that time to avoid having to unlock them every time I fill creds.

I understand why some may think it counter-intuitive -- security-wise, at least -- to have your database open in the background indefinitely, and I agree. That is why I have my databases set to lock after some amount of time. Also, -- regarding the user telling the app to close -- after the user opts-in to the setting, they can manually lock a database in-app if they wish to do so early.

I recently made the switch from 1password to a self-hosted solution using KeePass databases, and I am really liking KeePassDX/XC. Thank you all for your contribution to the project!

mahescho commented 8 months ago

I want to use KeepassDX but the current behavior prevents me from doing so and I stick to Keepass2Android.

I use a Yubikey in conjunction with a password for my database, which is shared on many devices by NextCloud. On Linux I use KeepassXC. Both KeepassXC and Keepass2Android allow me to keep the DB open. With Keepass2Android I unlock my DB with my password and the Yubikey. I can set up Keepass2Android so I can quit it and reopen the DB with fingerprint.

With KeepassDX I can unlock by fingerprint, but in addition I always need my Yubikey. This major annoyance keeps me away from KeepassDX.

J-Jamet commented 7 months ago

It's always a balance between security and usability, and here the behavior won't be changed by default, because killing the application with a swipe clearly means closing the database. I'm thinking about implementing the setting to prevent the base from closing during the swipe, but this requires a lot of testing.

In the case of Yubikey, this is a strong security mode. It's very surprising to leave your database open when you're using a very strong security mode. In any case, you can change the timeout in the settings.

mahescho commented 7 months ago

My DB resides on a network storage on the internet. This is the reason for using the Yubikey. The DB needs to be protected while on the internet storage. On my devices I neither want nor need this. The trade-off is the one-time unlocking with the Yubikey. When I'm e.g. at home, my phone is always with me, my Yubikey isn't. When I need a password in this case I need to go and get my Yubikey to unlock. For me this is a major annoyance which prevents me from using KeepassDX, which is far better in many other aspects. With Keepass2Android this issue does not exist.

Keepass2Android has another weakness. The DB is writable without the Yubikey. For me KeepassXC offers the best balance of security and usability. With KeepassXC I need to tap my Yubikey when opening the DB. Then it stays open for the login session, no matter if the screen gets locked or not, but when I want to write to the DB I have to tap the Yubikey again.

J-Jamet commented 7 months ago

I'm planning to make a physical key emulator in the KeyDriver app, but it will take some time to build.

ColCh commented 3 months ago

Same thing, it's a bit frustrating to keep the yubikey with me even at home, and the app seems to close the db (or it's Android closing the app) every 8h.

It will be really nice to have a possibility to daemonize the app / keep it in memory without closing.

Sorry, maybe I don't understand something, but is Android these days secure enough to keep the memory of one app separated from other apps? I mean, is it even possible to read another process's memory on stock Android, without root?

J-Jamet commented 3 months ago

Normally, each application is in a kind of sandbox, unless the corresponding permissions allow it to see outside. With root you can do anything. If you need more information, check out the AOSP code.

ColCh commented 3 months ago

Sorry, I was not explicit enough. That was a comment about this statement above:

> In the case of Yubikey, this is a strong security mode. It's very surprising to leave your database open when you're using a very strong security mode. In any case, you can change the timeout in the settings.

So, it's not completely clear to me why it's surprising... I have to apply my biometric finger to unlock the device, my phone's ROM is secure enough to keep other apps away from KeepassDX memory (I have stock Android, no root), my filesystem is encrypted, I'm pretty confident that nobody will use my PIN/fingerprint to steal my data :-)

I already have the unlock timeout set to 2 days (this is a comfortable interval for me), but KeepassDX forces me to reopen it every 4-8h, and forces me to unlock the db with the yubikey as well, which is forcing me to get up from my sofa and go search for my yubikey on my table O_O sorry, this may sound funny, but it's true...

However, the physical key emulator feature sounds really hard to implement... what about just ensuring that the app stays open for the desired time (e.g. providing a switch in settings, et cetera)? Of course I'm not the one to suggest anything, or point at priorities (it's your project, I'm just using it / supporting it), I'm just asking.

P.S. Please note, I already have all Battery Optimizations set to OFF for KeepassDX, so I'm 90% sure it's not Android killing the app (never say 100% though).

J-Jamet commented 3 months ago

> but KeepassDX forces to reopen it every 4-8h

There's nothing in the code of KeePassDX to force this.

> and forces me to unlock db with yubikey also, which is forcing me to wake up from my sofa and go search for my yubikey at my table O_O sorry

Haha, that's the whole point of choosing a physical key unlocking system, so that it requires human intervention.

> However, physical key emulator feature sounds really hard to implement...

True, but on the right track.

> what about just ensuring that app will be opened for desired time (e.g. providing a switch in settings, et cetera)?

It's the case; maybe there's a protection on your device that prevents foreground services from running too long.
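The behaviour debated in this thread (a foreground service that keeps the unlocked database in memory, an opt-in setting that decides what a swipe-away does, and an inactivity timeout that locks regardless) can be sketched as an Android service. The following is an added illustration written for this page, not KeePassDX's own code; the `VaultHolder` object, the preference names `keep_unlocked_on_swipe` and `lock_timeout_ms`, and the service class are all hypothetical.

```kotlin
// Added illustration, not KeePassDX's own code. Assumes two hypothetical
// preferences: "keep_unlocked_on_swipe" (opt-in, default false) and
// "lock_timeout_ms" (inactivity timeout, default 5 minutes).
import android.app.NotificationChannel
import android.app.NotificationManager
import android.app.Service
import android.content.Intent
import android.os.Build
import android.os.Handler
import android.os.IBinder
import android.os.Looper
import androidx.core.app.NotificationCompat

// Hypothetical holder for the decrypted key material while the vault is open.
object VaultHolder {
    @Volatile private var masterKey: ByteArray? = null

    fun unlock(key: ByteArray) { masterKey = key.copyOf() }
    fun isUnlocked(): Boolean = masterKey != null

    // Locking means overwriting the secret, not just dropping the reference.
    fun clear() {
        masterKey?.fill(0)
        masterKey = null
    }
}

class VaultSessionService : Service() {
    private val handler = Handler(Looper.getMainLooper())
    private val lockRunnable = Runnable { lockAndStop() }

    override fun onBind(intent: Intent?): IBinder? = null

    override fun onCreate() {
        super.onCreate()
        createChannel()
        // A foreground service with a persistent notification is what keeps the
        // process alive; the notification also makes "vault is unlocked" visible
        // to the user instead of silently holding secrets in memory.
        startForeground(NOTIFICATION_ID, buildNotification())
        scheduleLock()
    }

    override fun onStartCommand(intent: Intent?, flags: Int, startId: Int): Int {
        scheduleLock()            // any vault interaction restarts the inactivity timer
        return START_NOT_STICKY   // never let the OS restart us without the key
    }

    // Invoked when the user swipes the app's task away from the recents screen.
    override fun onTaskRemoved(rootIntent: Intent?) {
        val keepUnlocked = prefs().getBoolean(KEY_KEEP_UNLOCKED_ON_SWIPE, false)
        if (!keepUnlocked) {
            lockAndStop()         // default: swiping away means "close the database"
        }
        // With the opt-in enabled the session survives, but only until the
        // inactivity timeout scheduled above fires.
        super.onTaskRemoved(rootIntent)
    }

    override fun onDestroy() {
        handler.removeCallbacks(lockRunnable)
        VaultHolder.clear()       // process teardown must never leave the key behind
        super.onDestroy()
    }

    private fun scheduleLock() {
        handler.removeCallbacks(lockRunnable)
        handler.postDelayed(lockRunnable, prefs().getLong(KEY_LOCK_TIMEOUT_MS, DEFAULT_TIMEOUT_MS))
    }

    private fun lockAndStop() {
        handler.removeCallbacks(lockRunnable)
        VaultHolder.clear()
        stopForeground(STOP_FOREGROUND_REMOVE)
        stopSelf()
    }

    private fun prefs() = getSharedPreferences(PREFS_NAME, MODE_PRIVATE)

    private fun createChannel() {
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
            val channel = NotificationChannel(CHANNEL_ID, "Vault session", NotificationManager.IMPORTANCE_LOW)
            getSystemService(NotificationManager::class.java).createNotificationChannel(channel)
        }
    }

    private fun buildNotification() = NotificationCompat.Builder(this, CHANNEL_ID)
        .setSmallIcon(android.R.drawable.ic_lock_lock)
        .setContentTitle("Database unlocked")
        .setContentText("The vault will auto-lock after inactivity.")
        .setOngoing(true)
        .build()

    companion object {
        const val PREFS_NAME = "vault_session"
        const val KEY_KEEP_UNLOCKED_ON_SWIPE = "keep_unlocked_on_swipe"
        const val KEY_LOCK_TIMEOUT_MS = "lock_timeout_ms"
        const val DEFAULT_TIMEOUT_MS = 5L * 60 * 1000
        private const val CHANNEL_ID = "vault_session"
        private const val NOTIFICATION_ID = 1
    }
}
```

Two details matter for the behaviour argued over above. `onTaskRemoved` is only delivered when the service's manifest entry does not set `android:stopWithTask="true"`; with that flag the system just stops the service on swipe, which is the "swipe means close" default and needs no code. And the foreground notification is not decoration: on recent Android versions a vendor battery manager can still stop a long-running foreground service, which is the kind of device-side limit the comment above refers to, so the inactivity timeout is the part the user should rely on, not the service staying alive.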

mahescho commented 3 months ago

Perhaps it may be an option to handle it like Keepass2Android, just give it a try to see how it works there.

This missing feature prevents me from using KeepassDX and I keep using Keepass2Android.

ColCh commented 2 months ago

> It's the case, maybe there's a protection on your device that prevents foreground services from running too long.

I'm pretty sure there is no such thing, as I disabled all possible battery optimizations for KeepassDX.

However, I use FolderSync to copy the kdbx file from one device to another; may it unload the app because of the file sync?

I don't understand, the app should work without any limit...

rawpie2 commented 1 month ago

It should be that when I swipe the app away, it stays open too.

J-Jamet commented 1 month ago

If you reject someone, don't expect them to be open to you afterwards :p. It's the same thing here, you're clearly indicating by the action of rejecting the application that you don't want to use it anymore, so why should it remain open?

ColCh commented 1 month ago

@J-Jamet any reason why the key cannot be saved under biometric protection? I mean, it's possible to not completely lock the DB even if the app is closed. I totally understand why and how the Yubikey is used like it's used, but reopening the db with the yubikey every day is too much for me: for example, I leave the DB open in KeepassXC on my mac, I just need to tap my finger on the fingerprint scanner, and that's it, no need to use the yubikey.

Why is there no way to use it like this on Android? I'm sure the app is never closed by the Android system itself: I see that Resilio Sync has been open for 132h, for example. Maybe it's possible just to have a toggle inside KeepassDX to force the Android system not to close the app? Using some service, for example, I'm not sure (I'm a web dev, not an Android dev).

I expect that I need to use the yubikey when I reboot my phone or computer, or close the app completely, or reload the db. But when it stays open, I don't understand why it's required to use the yubikey for it.

BTW I see that this item has been moved to 5.0.0! Thank you very much. Is any help wanted here, or... money? :)