airgap-it / airgap-vault

The AirGap Vault is installed on a spare smartphone that has no connection to any network, thus it is air gapped. This app handles the private key.
MIT License
386 stars 109 forks

Load app (Activity) after authentication, not at the same time. #72

Closed Originalimoc closed 8 months ago

Originalimoc commented 3 years ago

On my device I can spam empty space to cancel authentication, then get a prompt again (while(1) loop?) from the app, but between these two prompts I have a few milliseconds in which I can operate the app. And going to view the phrases will break the loop.

It's not a serious security concern because when signing and viewing phrases a prompt (*X) will pop up again, and it is not skippable. According to your implementation, it seems to be cryptographically safe; the prompt is a must to decrypt.

The need to fix this is because after you break the loop, stay in the app, lock the screen, and UNLOCK the screen, Android OS will decide if that second prompt (*X) is still in place, which mostly it is not.

debeldami commented 8 months ago

This issue no longer exists, so I will close it.
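
A small model of what the issue title asks for, added here as an example that is not part of the thread and not AirGap Vault's code: UI input is honoured only after the authentication prompt succeeds, and every pause or resume re-locks. `AuthGate`, `GateEvent`, `replay` and the event trace are hypothetical constructions; `loadUiBeforeAuth = true` models the reported behaviour for comparison.

```typescript
// Added illustration; AuthGate and its method names are hypothetical, not AirGap Vault code.
type GateEvent =
  | { kind: "resume" }                  // cold start or return from the lock screen
  | { kind: "pause" }                   // app backgrounded or screen locked
  | { kind: "prompt"; ok: boolean }     // result of the system authentication prompt
  | { kind: "tap"; action: string };    // user input aimed at the app UI

class AuthGate {
  private unlocked = false;
  private loadUiBeforeAuth: boolean;
  promptsShown = 0;
  handled: string[] = [];

  // loadUiBeforeAuth = true models the report: the UI is live while the prompt is up.
  constructor(loadUiBeforeAuth: boolean) {
    this.loadUiBeforeAuth = loadUiBeforeAuth;
  }

  feed(e: GateEvent): void {
    switch (e.kind) {
      case "resume":
        this.unlocked = false;          // never trust state from before the pause
        this.promptsShown++;
        break;
      case "pause":
        this.unlocked = false;
        break;
      case "prompt":
        this.unlocked = e.ok;
        if (!e.ok) this.promptsShown++; // cancelled: prompt again, UI stays gated
        break;
      case "tap":
        if (this.unlocked || this.loadUiBeforeAuth) this.handled.push(e.action);
        break;
    }
  }
}

// Constructed trace: cancel, tap in the gap, cancel, lock and unlock the screen, tap again.
const trace: GateEvent[] = [
  { kind: "resume" }, { kind: "prompt", ok: false }, { kind: "tap", action: "open-secrets" },
  { kind: "prompt", ok: false }, { kind: "pause" }, { kind: "resume" },
  { kind: "tap", action: "open-settings" }, { kind: "prompt", ok: true },
  { kind: "tap", action: "open-settings" },
];

function replay(loadUiBeforeAuth: boolean): AuthGate {
  const gate = new AuthGate(loadUiBeforeAuth);
  trace.forEach((e) => gate.feed(e));
  return gate;
}
```

With the gate in place only the tap after the successful prompt is handled; with the UI loaded alongside the prompt, all three taps reach the app.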