xmikos / SnooperStopper

Android device encryption password manager and failed unlock attempts monitor
GNU General Public License v3.0

encryption password shown in plaintext #3

Closed jficz closed 9 years ago

jficz commented 9 years ago

The encryption password, when set, is then immediately shown in a pop-up as plaintext. This is a major security issue and should not be happening, at least not without the user being warned prior to showing the password. A security app cannot make any assumptions about the user's physical environment and must expect all situations to be hostile.

xmikos commented 9 years ago

@cptMikky This code is part of Nikolay Elenkov's Cryptfs Password Manager. But you are right, this isn't a good assumption. I will change it immediately.

jficz commented 9 years ago

You just earned a small and insignificant amount of reputation for reacting to security issues fast. Well done ;)

xmikos commented 9 years ago

It's fixed, I am now uploading a new version to my F-Droid repository. The update in Google Play will take some time.