search

Kunzisoft / KeePassDX

Lightweight vault and password manager for Android, KeePassDX allows editing encrypted data in a single file in KeePass format and fill in the forms in a secure way.
https://www.keepassdx.com/
GNU General Public License v3.0
4.65k stars 273 forks source link

Popup windows and KeepassDX #674

Closed zveber closed 4 years ago

zveber commented 4 years ago

It's just a question. If one of using apps has a permission to show popup windows can it get content of KeepassDX window when it visible on screen?

J-Jamet commented 4 years ago

Sorry but I don't understand the question. What do you mean by "has a permission to show popup windows" ? Which app? Are you talking about permissions in MIUI? If it's a question about MIUI permissions, this OS is made to block functionality while the internal system has apps with built-in ads (it's inconsistent). For me, it's just to restrict actions on a closed system. Because there is no method to correctly manage these permissions in the code when it is legitimate (and these permissions are not part of the AOSP source code. So, good luck seeing exactly what it exactly does as it is non-standard and part of a closed system.). In the AOSP code, an Android application is normally independent from other applications, but again, it depends on the system and its operation, the OS of the manufacturers have many modifications.

And 'can it get content of KeepassDX window when it visible on screen'? What is the purpose exactly? It is always possible to get the contents of a screen, it depends on your system. I tried to block the app screen record with LayoutParams.FLAG_SECURE, but there is always a way if an app or a script has root access for example.

zveber commented 4 years ago

Yes, my pnone runs on MIUI 11. Sorry, but I don't know if this lermissiin is specific for it. I'm talking about com.vkontakte.android. It's a social app. And it has an ability to make calls. When it has a permission to show popup windows you can switch to another app keeping call. But it shows it's icon on the screen while minimized. So I'd like to know is it safe to open KeepassDX window while I'm talking. And is it safe at all to give such permission?

Screenshot of permission IMG_20200828_125008

J-Jamet commented 4 years ago

Being safe is a subjective notion. Here the permission is only used to block the opening of the other app. Traditionally, this is done with intent.

I'm not sure of anything because neither the OS nor the social app are open source, so it is not possible to verify.

If something is in the foreground, it's technically difficult to guess what is present on the screen unless the operating system allows it, but it's likely. Again, it is not possible to verify, so it is up to you whether or not to trust these apps.

zveber commented 4 years ago

I got lt. Thanks for explanation.