Encdroid leaks files into its folder

mrpdaemon / encdroid

Encdroid is an Android application for accessing EncFS volumes on cloud storage

GNU General Public License v3.0

86 stars 20 forks source link

Encdroid leaks files into its folder #98

Open cliffjao opened 6 years ago

cliffjao commented 6 years ago

The files are 0B, so no content is leaked at least. But you can see the unencrypted filenames.

enzomich commented 6 years ago

Actually they are not (or at least not always) 0b long: on my device, accessing a .XLS file with WPS, and a picture with QuickPic, has left their complete unencrypted copies in /storage/emulated/0/Encdroid ... This, security wise, is quite bad. If the use of temp files can't be avoided in unrooted devices, at least they should be thoroughly erased once the app closes them.