Feature: Direct Photo/Video/Audio attachments while staying in app (API calls to camera, sound recorder, video camera) instead of multistep separate apps

[travisnj]

I love the app... I want to replace it full time from Textra, BUT there is a big draw back, why don't you allow for direct photos, video and sounds to be taken. So you don't have to use two apps to get the file to send.

Example: My wife takes a photo of something she wants my opinion on buying, (in textra or native) presses add, camera comes up, takes photo and sends

Example: Same situation, but with Text Secure you have to take the photo first and save image, then goto app and add via the menu of "where" the documents are to attach and send

So, as you can imagine carrying on a conversation and needing to send several photos during that conversation it would be a bit frustrating and very time consuming using Text Secure.

Native, Textra and about all others I have used use API's and directly use the photo/audio to send.

[virtualritz]

+1

[schiessle]

Yes, would be great if I could take a photo/video directly from within TextSecure and send it. Are there any plans for it?

[mcginty]

Hey all, it's in the plans to revamp that entire attachment flow. This will pretty certainly include allowing users to capture media directly. If anybody wants it done even more quickly, pull requests are appreciated and I hear the payout is pretty nice now ;).

[hunleyd]

+1

[SchwarzwaldFalke]

+1

[ghost]

If we're going to add photo-taking capabilities, I think it would be a good idea to add some features from ObscuraCam. The source is GPLv3 and found at GuardianProject/SecureSmartCam.

[lablans]

+1. ObscuraCam looks nice as well, but please make the alterations optional. Not everyone is (cf. their user stories) in an "activist group", a "rights defender", in "protest of human rights abuses", or "compromised" ;-) Some of us just want a secure and FOSS replacement for WhatsApp.

[jeremymasters]

would be cool to add pixelknot functionality as well

[JavaJens]

Wouldn't it be the easiest to use intents, this way everyone can use his default camera app? Similar to: https://github.com/guardianproject/ChatSecureAndroid/blob/24a447d0ee0807b75a45a385b870f6f532328480/src/info/guardianproject/otr/app/im/app/NewChatActivity.java

[JavaJens]

@mcginty I've created a pull request for this. Could you and others of course check if this is the right direction? However I believe this might be a privacy leak, as the image is stored on the sdcard!

What is this Bithub thing about? I don't want anything from you, you give enough by providing the software!

[generalmanager]

However I believe this might be a privacy leak, as the image is stored on the sdcard!

So maybe we should make it possible to turn this off, hide this in the advanced settings and activate it depending on the user's need for security (#838)

[JavaJens]

Yes, that's what I thought as well. Same goes for audio/video, although no file is present on the users file system, but somewhere this is stored.

I'd second the possibility to turn this off and have it on per default, because as said in #838 those who worry about their privacy will accept digging deeper :) But I guess this decision will depend on the outcome of issue #838

[lablans]

Wouldn't you have the same privacy leak if you just take the picture and send it? (like now)

"those who worry about their privacy will accept digging deeper" - well said. If we want TS to be a [insert privacy-agnostic messenger here] replacement (which it is very close to!), we need presets fit for everday life (i.e. my mother). She'd second your opinions, because you allow her to "stay on the surface" and to just take pictures.

[generalmanager]

@vascorppor

Wouldn't you have the same privacy leak if you just take the picture and send it? (like now)

That depends where your camera stores the pictures. You can usually force it to store them on the (hopefully encrypted) internal memory.

we need presets fit for everday life (i.e. my mother)

Feel free to contribute your ideas how that should be communicated and what those settings should be over at #838

[JavaJens]

@lindworm

So you say that using the internal memory is safe? I can easily change the location of where the image is stored, e.g. using ContextWrapper's getDir() method.

[generalmanager]

@JavaJens I don't know about the low-level stuff and malicious apps can of course still access the internal memory. But if it's encrypted, it should be a bit safer than the sd card.

I guess something like a ramdisk would be asked to much? ;-) Even then it would probably only work on rooted devices.

[JavaJens]

I have to correct myself. Writing to the internal memory is not that simple, due to Permissions. Maybe this can be done using a ContentProvider? But the question is, is it worth the effort and wouldn't a simple checkbox be the better/safer option?

[aprescott]

Is it possible to maybe use an intent to capture the image, then overwrite the file contents after it's been added to TS, so that if it is on the disk there is a maximum window of storage?

[tinloaf]

There is no such thing as 'overwriting' with flash storage (which is the kind of storage all phones rely on)...

[JavaJens]

Another issue is the gallery app, it makes copies and thumbnails and therefore introduces a security issue the user should be warned about.

That's why I think the warning dialog is the safest bet for not, until someone implements their own camera activity...

[lablans]

Creation of thumbnails can probably be prevented by placing a .nomedia file.

On 11. März 2014 07:55:27 WEZ, JavaJens notifications@github.com wrote:

Another issue is the gallery app, it makes copies and thumbnails and therefore introduces a security issue the user should be warned about.

That's why I think the warning dialog is the safest bet for not, until someone implements their own camera activity...

---

Reply to this email directly or view it on GitHub: https://github.com/WhisperSystems/TextSecure/issues/520#issuecomment-37270803

[JavaJens]

I'm no expert, but from testing it looked like the gallery app would always place a copy/thumbnail in the gallery after taking the photo. At least with video, this is an issue. For images it depends on your device, I believe.

The .nomedia would only prevent it from scanning a new directory, wouldn't it?

[lablans]

Ah, ok. Maybe you can just create a new directory "TextSecure" and immediately place a .nomedia file.

In any case, it's great that you guys are putting so much thought into securing direct photography. However, this should not hinder the integration of one of the most important missing features. JavaJens' implementation already is reasonably secure, right? At least no more insecure than taking a photo using another app, which users are forced to now.

By the way, there are users like me or other WhatsApp migrants who actually want their TextSecure pictures in the gallery. In high quality, if possible, not the compressed version sent over the wire.

Thus, we should follow JavaJens' proposal and display a warning about the (very tiny!) loophole. Allow them to dismiss it permanently ("don't display again"). The same would be required for displaying photos in order to be consistent throughout TextSecure.

[mcginty]

We're currently working on a number of attachments/media fixes in the "media" branch. This will include our own media preview activity that won't have to store the attachments unencrypted and use an external tool.

[aktenkundig]

+1

[yaplej]

Yes please.

[D3N14L]

+1 is there any update on the progress oft the media sharing workflows?

[ghost]

Same here, any news about that ?

[FR86]

+1 Is there any news in the current state of implementation? I'd also be really interested in a similar feature for voice records. Not unlike it's implemented in surespot, where you tap and hold a button to record sound, which is sent as soon as you release the button.

[fxcalibur]

+1 for direct photo and audio. I really like the direct audio recorder in whatsapp

[4cc8783b]

+1 for direct photo and audio (+ optionally video)

[jeremymasters]

+1

[Catscratch]

+1

[ximex]

+1

[Mihahn]

+1 I think this would be a great improvement!

[ole-tange]

+1 with https://github.com/WhisperSystems/RedPhone/issues/345

[andunix]

+1

[streblo]

+1

Here's a SO post on how to use contentproviders to do this securely: https://stackoverflow.com/questions/20058793/android-how-to-save-the-camera-result-to-a-private-file

[GeniusKratos]

+1

[mcginty]

Closed in favor of #3563 and #3564 since all these different types of media captures will be separate PRs, making it easier to track progress.