ontio / OWallet

OWallet - a comprehensive Ontology desktop wallet
MIT License

[Security] keystore.db protection #206

Open EdiWang opened 4 years ago

EdiWang commented 4 years ago

keystore.db is not well protected. It can be copied to another computer and opened with OWallet without any authentication.

For example, if A wants to steal B's wallet, A just copies keystore.db from B's computer to A's, and B's wallet will show up in A's OWallet application.

Recommended fix: Encrypt keystore.db with a specific key generated from each computer's signature. Make sure it can only be read on the very computer that created it.

MickWang commented 4 years ago

We designed it for users' convenience. And B cannot access A's wallet if B does not have the passwords. We will consider increasing protection for OWallet in the future. Thanks for your issue.
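
The fix recommended in this issue, sketched as an added example (not OWallet code and not written by either commenter): the keystore is encrypted under a key derived from both the user's password and a machine identifier, so a copied file does not open on another host. `machineId`, the envelope fields and the function names are assumptions made for illustration.

```javascript
// Added example, not OWallet code. machineId is a hypothetical per-host value
// (for instance an OS-provided machine GUID); sample inputs are constructed.
const nodeCrypto = require('crypto');

// Derive a 256-bit key from the user's password AND the machine identifier.
// The machine id is not a secret; it only binds the ciphertext to one host.
function deriveKey(password, machineId, salt) {
  // salt has a fixed length (16 bytes), so this concatenation is unambiguous.
  const info = Buffer.concat([salt, Buffer.from('\0' + machineId, 'utf8')]);
  return nodeCrypto.scryptSync(password, info, 32, { N: 16384, r: 8, p: 1 });
}

// Encrypt the keystore contents with AES-256-GCM; returns a JSON-safe envelope.
function sealKeystore(plaintext, password, machineId) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const key = deriveKey(password, machineId, salt);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    v: 1,
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
}

// Decrypt; returns the plaintext, or null when the password or machine is
// wrong or the file was modified (the GCM tag check fails in final()).
function openKeystore(envelope, password, machineId) {
  const b = (s) => Buffer.from(s, 'base64');
  const key = deriveKey(password, machineId, b(envelope.salt));
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, b(envelope.iv));
  decipher.setAuthTag(b(envelope.tag));
  try {
    return Buffer.concat([decipher.update(b(envelope.ct)), decipher.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample: the file is sealed on host B, then "copied" to host A.
const sealed = sealKeystore('{"wallets":["constructed-sample"]}', 'correct horse', 'host-B-guid');
console.log(openKeystore(sealed, 'correct horse', 'host-B-guid')); // original JSON
console.log(openKeystore(sealed, 'correct horse', 'host-A-guid')); // null
```

A machine identifier is not a secret, so it complements the password rather than replacing it. A binding like this also needs an explicit export path, since the file becomes unreadable after a hardware or OS change.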