HarHarLinks
commented
3 years ago Do you know about Settings -> Security & Privacy -> Ex/Import E2E room keys?
I see the feature you want and why it's useful, and the app could prompt for export upon logout and import upon login. How worth doing this depends, as you say, on how far away dehydration is.
hints that the E2EE data is stored on the database of the android app. This part I see as a security violation/exploit that should be removed from the app asap. Logging out in my opinion is supposed to sever all links to a previous session (that are handled by the app).
ShadowJonathan
Currently, whenever a device gets logged out (on android), you're able to log back in without re-trusting the device, this hints that the E2EE data is stored on the database of the android app.
The feature i'm requesting here is the ability to be able to export that (somehow) while the user is locked out, or somehow not able to access their account, this "wraps" the hot potato that the device was carrying, and allows them to either a. transfer it to a new device, or b. back it up.
The security implications of this should be considered, even the security implications of having someone have their E2EE keys still (forensically) available on the device after they've been logged out by error or intentionally.
This last problem can/will be solved with Dehydrated Devices, and i think the intention to not wipe this data upon logout is a practical solution to allow someone to retain their E2EE history, but it'd be useful to be able to export that (somehow).