RocketChat / Rocket.Chat.ReactNative

Rocket.Chat mobile clients
https://rocket.chat
MIT License

[Security] Sensitive data stored in unencrypted database #2785

Open emikolajczak opened 3 years ago

emikolajczak commented 3 years ago

Description:

We have our own white-label app version based on the single-server branch. During our security tests it was noticed that the Android application uses a database to store messages inside server-name-experimental.db.db, and this file is unencrypted, so sensitive data can be accessed. Did you consider encrypting this database?

Environment Information:

Steps to reproduce:

  1. Embedded server-name-experimental.db.db is unencrypted

Expected behavior:

Consider encrypting this database

Actual behavior:

Embedded server-name-experimental.db.db is unencrypted

Additional context:
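A quick at-rest audit of the kind the report describes, added here as an example (not code from the issue or from Rocket.Chat): it checks whether a database file still carries the plaintext SQLite header and whether a known record value is readable from the raw bytes. The file name and the message content are constructed for the demo; a SQLCipher-style encrypted file is stood in for by random bytes.

```python
import os
import sqlite3
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"  # header of every plaintext SQLite 3 file


def is_plaintext_sqlite(path: str) -> bool:
    """True when the file starts with the plaintext SQLite header.
    An encrypted database (e.g. SQLCipher) stores its first page as
    ciphertext, so the magic bytes are absent."""
    with open(path, "rb") as f:
        return f.read(16) == SQLITE_MAGIC


def contains_plaintext(path: str, needle: str) -> bool:
    """True when `needle` appears verbatim in the raw file bytes, i.e. the
    value is readable without the database engine or a key."""
    with open(path, "rb") as f:
        return needle.encode("utf-8") in f.read()


def audit(path: str, sample_value: str) -> dict:
    """Summarise the at-rest state of one database file."""
    return {
        "plaintext_header": is_plaintext_sqlite(path),
        "sample_value_readable": contains_plaintext(path, sample_value),
    }


def demo() -> tuple:
    """Build a constructed unencrypted message store (mirroring the report)
    and a random-bytes stand-in for an encrypted file, then audit both."""
    tmp = tempfile.mkdtemp()
    secret = "constructed secret message"  # constructed sample record
    plain = os.path.join(tmp, "server-name-experimental.db.db")  # name from the issue
    conn = sqlite3.connect(plain)
    conn.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, msg TEXT)")
    conn.execute("INSERT INTO messages (msg) VALUES (?)", (secret,))
    conn.commit()
    conn.close()
    enc = os.path.join(tmp, "encrypted.db")  # stand-in: no header, no readable content
    with open(enc, "wb") as f:
        f.write(os.urandom(4096))
    return audit(plain, secret), audit(enc, secret)


if __name__ == "__main__":
    print(demo())
```

Passing the audit (no header, no readable value) is necessary but not sufficient for real encryption; it only confirms the file is no longer a plaintext SQLite store.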

diegolmello commented 3 years ago

It's a work in progress on the database lib https://github.com/Nozbe/WatermelonDB/pull/907

emikolajczak commented 3 years ago

Hi, thanks for the reply. Do you plan to implement encryption in the Rocket app database after it is implemented in the database engine?

diegolmello commented 3 years ago

Sure. It's implemented by default on iOS already.