Hi there, i have a quicksheet on my Razr in which i save a few of my bank details that i may need on person at all times due to nature of my job. I need to password-protect that file of mine. Any ideas???
There is no way I would store that on my phone with a simple spreadsheet password. They are easily cracked.
I would find an app that would encrypt the file to your password. I don't know if there is an equivalent of Truecrypt for Android.
I heartily agree with 85Gallon... but... if nobody is going to lose money or their job if this info is discovered, then you might consider App Protector by Clutch Mobile (formerly Carrot Apps). It will password protect any app. However, any serious player on XDA could circumvent it fairly quickly. App Protector does not encrypt anything. It just puts a lock on apps that might access that data -- and it's not that great of a lock.
If you work for a bank and you need to keep a list of addresses, Managers and their personal cell numbers, maybe this is enough. If you're storing anything more critical, listen to 85Gallon and find a better solution.
I would suggest "Sec Notes". It stores data encrypted using AES encryption in a database. Notes can be Notepad, Spreadsheets and checklists. Spreadsheet supports formulas too, so it might match what you want. Best part is it allows automatic backup to Google Drive and Dropbox. You can also backup to SD cart manually any time.
https://play.google.com/store/apps/details?id=com.skipser.secnotes
85gallon said:
There is no way I would store that on my phone with a simple spreadsheet password. They are easily cracked.
I would find an app that would encrypt the file to your password. I don't know if there is an equivalent of Truecrypt for Android.
Click to expand...
Click to collapse
Related
If you have a device password set then you think you are safe? Not necessarily if you also have some toolbar apps, like xBar or Pocket Nav.
On the xda you can get to the start menu and run programs by following these steps. For this example I use PocketNav.
Tap on the Pocket Nav icon and close the Password program.
Press the green Phone button to start the Phone application.
Type *#06#
The Start menu appears and you can now run programs that appear in the menu, and change settings and access data, but not run files in the Programs folder.
A soft reset puts the device back to normal.
8)
The password is like a car door lock--only keeps the average casual observer out. Your data is unencrypted and accessible in a variety of ways. If you have sensitive data, get encryption. Things like CodeWallet Pro are great for specific items, or get a system-level encrypter to hide contacts, schedule, etc.
Carlos said:
The password is like a car door lock--only keeps the average casual observer out. Your data is unencrypted and accessible in a variety of ways. If you have sensitive data, get encryption. Things like CodeWallet Pro are great for specific items, or get a system-level encrypter to hide contacts, schedule, etc.
Click to expand...
Click to collapse
All nice and well: you create an encrypted file-system on an SD-card. But given that the device has persistent RAM, I would tend not to trust any encryption solution at this time. I mean: anything you enter anywhere gets stored in RAM, and none of the regular Pocket PC user applications even attempt to clean up after themselves.
If I'm shown a text-aditor or an addressbook manager that was especially written to be secure, did not use things like the Pocket PC addressbook, and came with sourcecode, I could begin to trust it.
I guess it all depends on whether you need to store the launch codes for nuclear missiles or your Visa numbers. How much effort is a potential thief willing to put towards getting your device and then getting the data out?
The data in RAM can be encrypted also by most security programs. They don't create encrypted stores necessarily; they can encrypt the built-in contacts database for example.
Carlos said:
I guess it all depends on whether you need to store the launch codes for nuclear missiles or your Visa numbers. How much effort is a potential thief willing to put towards getting your device and then getting the data out?
The data in RAM can be encrypted also by most security programs. They don't create encrypted stores necessarily; they can encrypt the built-in contacts database for example.
Click to expand...
Click to collapse
Bruce Schneier said:
There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files. [...]
(preface to "Applied Cryptography")
Click to expand...
Click to collapse
Heh, exactly. Most of us only need to keep the "kid sister" or a person who finds a lost device out of our data. Some may need slightly more--to prevent a lost device from divulging a company secret, for example. If you really need to keep governments from reading data on your PPC, you should probably re-think your choice of storage device for such data.
I am an IT Consultant and I like to keep my client network documentation on my View but that also leaves a gaping security hole because Android lacks real security. Before I got the view, I used Dropbox and Truecrypt to keep a container in sync between my main computer and my traveling notebook and a thumbdrive so that I always have access to these documents. Up until last night, I was unable to access a TrueCrypt container within Android, when I found EDS Lite which purports to be able to open the file.
So I installed Dropbox and EDS Lite but I am unable to figure out how to get Dropbox to sync the container to the View and then where to find the container using EDS Lite. I have tried google to no avail as I cannot find a dropbox folder. Anyone want to give me a heads up as to what I am missing?
Easy.
Use Cheetah Sync for Files/Folders
or
FolderSync
Thanks!
Nice find. Thanks for the response. These might just be the droids I am looking for...
you can find the synced files (mark favorite on dropbox first) on sd folder android/data/com.dropbox.android/yourfiles. then add container in EDS.
There's also called cryptonite. Here's the link about truecrypt porting
http://forum.xda-developers.com/showthread.php?t=872297&page=7
Yeah, maybe easier with folder sync anyway...
TrueCrypt
I like the idea of truecrypt volumes on the device, as this allows for them to automatically 'lock' the volume when the device is locked and to not unlock it even if the device is unlocked and to require the pass phrase to unlock it. Everyone should be this paranoid about the security of their devices especially in wake of the court decision that a simple traffic stop is enough to allow a police officer to activate your phone and look through it. Even if no citation or charges are issued and consent is not needed. They cannot force you to unlock it or to give them the pin / password / pattern to unlock it. There are dozens of new laws enacted each year and there is always the chance you are awry of some law that could land you potential jail time. You never know what could turn up in the background of a picture on your phone that The facial recognition is a joke as it can be activated by holding the phone in front of someone's face. You should always refuse a search of your person or vehicle and you should always exercise your right to an attorney and exercise your 5th amendment rights. I really want a fingerprint reader on my phone like I have had on my notebooks for a decade.
I'm looking for an app that will allow me to encrypt folders (preferably without having to go through a third-party file manager) on my Galaxy Note 2 and Nexus 7, while possibly being able to also decrypt and view the folder/files on a Windows or Mac machine.
BoxCryptor is one that I've looked into but I'm not sure if it will allow me to encrypt folders within folders.
A little bit of background for what I need this for... I'm a medical health professional and there are times when I have sensitive data about some of my patients that I need to access via my phone/tablet/home/work computer. I don't necessarily need the folder of patient data to sync across all devices but if that could be done (say via DropBox or WebDAV, encrypted), that would be a bonus.
There are some apps on Google Play that seem like they might work:
Encryption Manager
Safe+
DroidCrypt
If anyone has any feedback on any of the above, or can recommend an app that I've missed (or a link to another xda post that I missed in my searches), that would be much appreciated. I'd rather not have to pay for each one to see if it fits my criteria.
Thanks in advance!
cdnmaplechick said:
I'm looking for an app that will allow me to encrypt folders (preferably without having to go through a third-party file manager) on my Galaxy Note 2 and Nexus 7, while possibly being able to also decrypt and view the folder/files on a Windows or Mac machine.
...
A little bit of background for what I need this for... I'm a medical health professional and there are times when I have sensitive data about some of my patients that I need to access via my phone/tablet/home/work computer. I don't necessarily need the folder of patient data to sync across all devices but if that could be done (say via DropBox or WebDAV, encrypted), that would be a bonus.
Click to expand...
Click to collapse
@cdnmaplechick, did you have any luck with all this? EDS is another one you could try, but I'm not sure if it can do what you want without rooting your device. If you are comfortable rooting your device Cryptonite is an additional option.
If I understand you correctly I am also looking for something similar (which is how I ended up finding your post). I'd like an app that can encrypt specified folders such that other apps can interact with the contained encrypted files without any trouble (this would be very analogous to how TrueCrypt works for Windows computers). I know there is full device encryption available for Android, but that has its drawbacks. I think what you and I are both wanting is something like full device encryption, but being able to limit it to a few designated folders.
I'd love to hear anything you're willing to share about your experiences (positive or negative) with pursuing all this!
Edit: Forgot to mention a secure syncing service you might be interested in: SpiderOak. I have not yet used their Android app, but I use SpiderOak for Windows all the time to securely sync sensitive data between multiple Windows computers (the data is stored in TrueCrypt volumes on each computer).
Apparently this works with Truecrypt so it will work when you transfer it to a Mac or PC
https://play.google.com/store/apps/details?id=com.sovworks.eds.android
Droidcrypt should do entire folders, but has a lot of neg reviews. Personally I wouldn't use any closed source encryption app you have no idea if they're actually generating true random numbers or if it's junk software.
LUKS is free and open source, if your phone is rooted
https://play.google.com/store/apps/details?id=com.nemesis2.luksmanager you can just copy folders into the virtual encrypted folder it creates.
https://play.google.com/store/apps/details?id=org.mrpdaemon.android.encdroid is open source, free and works with dropbox
https://play.google.com/store/apps/details?id=com.koushikdutta.backup Carbon now uses encrypted backup
There's also APG http://thialfihar.org/projects/apg/
You can use PGP to encrypt/decrypt files (perhaps folders?) for transferring to another computer. Or if both your Nexus and your PC/Mac is using full disc encryption then you can just transfer the folders to each other in the clear with USB.
derpsec said:
Droidcrypt should do entire folders, but has a lot of neg reviews. Personally I wouldn't use any closed source encryption app you have no idea if they're actually generating true random numbers or if it's junk software.
Click to expand...
Click to collapse
Yeah, I've felt ambivalent about Droidcrypt. It should do what I want but they feel like such an unknown; they don't even have a website (not that that would make them automatically safer, but I'd at least be able to get a little more of sense of who I'm trusting my data to).
derpsec said:
https://play.google.com/store/apps/details?id=org.mrpdaemon.android.encdroid is open source, free and works with dropbox
Click to expand...
Click to collapse
Thanks for those additional links, and especially for Encdroid! I'm a fan of open source, and it looks like the author's on the XDA forums:
http://forum.xda-developers.com/showthread.php?t=1917665
I definitely want to check that one out further.
How about Cryptonite? https://code.google.com/p/cryptonite/ It says it uses TrueCrypt.
Yes cryptonite seems to be a good solution.
Check-->
https://play.google.com/store/apps/details?id=csh.cryptonite&hl=el
Hello friends
Is an application for Android that folders can be encrypted and password-access to that folder wherever necessary, same encryption on the kms 9(Kaspersky Mobile Security 9 v9.4.96 – S60v3)
So catch is being discontinued.. I need a legit solid comparable application, keep sometimes doesn't save photos.
Any personal experiences with evernote or spring pad?
I mainly use it to save photos I find on fb or Internet.
Thanks!
Sent from my SCH-I535 using Tapatalk 2
I am in a similar dilemma.
I don't like evernote, mainly because they are way too expensive (about 5$ a month is unreasonable in my opinion).
Evernote does not have a true offline option in the free version!
Here are the features that a good note app/service should have (catch notes had all these options):
Web interface and backup/synch (dropbox and web storage services do not count)
Offline editing and full access
Search everything (preferably as you type)
Categories/tags
Password options (preferred)
Reasonable export options is a must so you are not locked in to the app.
No monthly fees for above service (onetime fee only, or atleast a more reasonable month fee than 5$/month)
I looked briefly at the following apps/services and those are the issues I found which do not match my needs:
ColorNote: no web interface
MobisleNotes: web interface without search, no import/export option
Inkpad/notepad: no import/export option on web interface
Note Everything: no sync or export function
I figured I use catch regardless, and just use it for its internal storage options just sucks there aren't any real comparable services.
Catch stores data on android/data/com.threenbananas
Sent from my Nexus 7 using Tapatalk 2
masri1987 said:
Catch stores data on android/data/com.threenbananas
Click to expand...
Click to collapse
i have 3000+ notes and im looking at simplenote as a host, syncing with NValt on desktop, and there are a few android clients.
evernote is very reliable but too heavy. also i dont like that everything must have a title, and i you have to pay to store everything local. most of my notes are short and plaintext anyway.
however im having a lot of trouble importing them to simplenote. they have a tool but its super finicky and inconsistent. i think it will be easier to hack the notes into a client db, and then sync them up to simplenote. however this too is proving difficult because i want to keep the create and modify dates intact as well as the tags.
please let me know if anyone finds a soln.
in the meantime, id like to find the datafile on my phone. at the directory above i have hidden files turned on, but still see only media in ./media and one zero byte file in ./cache. where is the text data?
No luck yet
gnormal said:
i have 3000+ notes and im looking at simplenote as a host, syncing with NValt on desktop, and there are a few android clients.
evernote is very reliable but too heavy. also i dont like that everything must have a title, and i you have to pay to store everything local. most of my notes are short and plaintext anyway.
however im having a lot of trouble importing them to simplenote. they have a tool but its super finicky and inconsistent. i think it will be easier to hack the notes into a client db, and then sync them up to simplenote. however this too is proving difficult because i want to keep the create and modify dates intact as well as the tags.
please let me know if anyone finds a soln.
in the meantime, id like to find the datafile on my phone. at the directory above i have hidden files turned on, but still see only media in ./media and one zero byte file in ./cache. where is the text data?
Click to expand...
Click to collapse
It appears the support pages are still up, abet slow at loading
Code:
http : / / support . catch . com/customer/portal/articles/1020076-i-can-t-see-my-notes-in-global-search-on-android
I can't see my notes in Global Search on Android
Last Updated: Apr 16, 2013 12:25PM PDT
We have made a decision to not allow for a Global Search based on security reasons. With the option to set a passcode on your notes, we feel that Global Search would navigate around this and violate the notes security.
For example: If you have a passcode set on your notes, yet we allowed for Global Search, any term you search for may return a result, thereby indicating that the searched for text is part of a note's content.
Click to expand...
Click to collapse
Im currently looking for a way around this as im trying to use dropbox (storage) and dropsync (to sync particular folders)
If this fails it appears ill have to learn how to create apps and create my own with the Catch API
Failing that decompiling and rebuilding it to my specs is prob the final method
lets hope it doesent come to that
As you can see I haven't been converted to the dark side of other apps yet
Me too. I'm still using catch but locally.
Sent from my SCH-I535 using Tapatalk 2
Did anyone actually get an email regarding this shutdown? I had a bunch of notes stored in AK notepad which are basically lost forever, and I don't have any emails from catch.com notifying me of the termination - I'm just finding out today.
Maybe they ended up in my spam :/
Samsung pass doesn't work. What do you guys use I just came from iphone and it has a password manager built in. What free ones are available
1password. Works everywhere and on everything.
Bitwarden has a free account offering and their premium is very cheap.
Bitwarden is free, open source and the premium is literally $10 per year if you wanted it but it's not needed, everything is available for free except the encrypted cloud storage.
I use Bitwarden's $10 a year tier so I can use my YubiKeys with it.
I don't. Google password manager is free and works flawlessly. Anything else is a waste of time.
Brava27 said:
I don't. Google password manager is free and works flawlessly. Anything else is a waste of time.
Click to expand...
Click to collapse
How do you get Google pass to be the default over Samsung pass?
GastonC said:
How do you get Google pass to be the default over Samsung pass?
Click to expand...
Click to collapse
Under passwords and autofill in settings. Then select autofill service.
Bitwarden $10 annual plan. Avoid using LastPass as they have had several security breaches recently.
Brava27 said:
I don't. Google password manager is free and works flawlessly. Anything else is a waste of time.
Click to expand...
Click to collapse
Not true and several reasons why some others are better and why I don't and wouldn't use Google password manager atm. YMMV
evangelionpunk said:
Not true and several reasons why some others are better and why I don't and wouldn't use Google password manager atm. YMMV
Click to expand...
Click to collapse
Your choice. Google has never failed me.
Brava27 said:
I don't. Google password manager is free and works flawlessly. Anything else is a waste of time.
Click to expand...
Click to collapse
Good luck if your Google account ever gets breached. Or if Google one day bans your account like they've been known to do to others for seemingly no reason. I used Google's password manager for years but when this flaw was pointed out to me, I switched to Bitwarden that same day and I haven't looked back.
It's also very easy to breach your Google account and thus all your others if your phone is stolen.
Like iPhone, a stolen Android phone's PIN could be used to change Google account password
A report from The Wall Street Journal last week sounded the alarm on an obvious, but frightening issue on iPhone...
9to5google.com
EtherealRemnant said:
Good luck if your Google account ever gets breached. Or if Google one day bans your account like they've been known to do to others for seemingly no reason. I used Google's password manager for years but when this flaw was pointed out to me, I switched to Bitwarden that same day and I haven't looked back.
It's also very easy to breach your Google account and thus all your others if your phone is stolen.
Like iPhone, a stolen Android phone's PIN could be used to change Google account password
A report from The Wall Street Journal last week sounded the alarm on an obvious, but frightening issue on iPhone...
9to5google.com
Click to expand...
Click to collapse
These are all valid points but chances of happening are very slim.
Brava27 said:
Your choice. Google has never failed me.
Click to expand...
Click to collapse
Google also thanks you for all your data. But in all seriousness don't keep all your eggs in one basket. Using 1 service or company for everything (Like Google does) is a terrible security practice. I'm not saying don't use Google, I'm saying don't use it for everything PLUS (tinfoil hat time) the way things are going with less and less privacy, I expect Google to start using passwords saved in its services in an attempt to provide more services to users but in doing so they have access to everything about you, bank info, cellular carrier login, other email logins, everything and frankly that would frighten me. This is why I self host on bitwarden, everything is in my hard drive AND encrypted on backblaze.
spart0n said:
Google also thanks you for all your data. But in all seriousness don't keep all your eggs in one basket. Using 1 service or company for everything (Like Google does) is a terrible security practice. I'm not saying don't use Google, I'm saying don't use it for everything PLUS (tinfoil hat time) the way things are going with less and less privacy, I expect Google to start using passwords saved in its services in an attempt to provide more services to users but in doing so they have access to everything about you, bank info, cellular carrier login, other email logins, everything and frankly that would frighten me. This is why I self host on bitwarden, everything is in my hard drive AND encrypted on backblaze.
Click to expand...
Click to collapse
I definitely agree. I might just be really lazy and don't care anymore. I could tie tomorrow and all the passwords I had would be irrelevant lol.
Does Google password manager fill in apps?
I second avoiding LastPass. In addition to the semi-annual breaches, their pricing is ridiculous. $50/year to store 100kB of data in the cloud? There has been zero evolution to their app over the last 5 years, so it is not like they have heavy RnD costs.
Brava27 said:
I definitely agree. I might just be really lazy and don't care anymore. I could tie tomorrow and all the passwords I had would be irrelevant lol.
Click to expand...
Click to collapse
Your passwords will matter to family that left after you're gone. I have several people in my life that have a detailed guide on how to access my digital life if/when I'm gone.
Bank info, logins, email stuff, just to make thier lives easier getting things of mine closed etc.
spart0n said:
Your passwords will matter to family that left after you're gone. I have several people in my life that have a detailed guide on how to access my digital life if/when I'm gone.
Bank info, logins, email stuff, just to make thier lives easier getting things of mine closed etc.
Click to expand...
Click to collapse
Yeah that's true. My good friend just passed at 37. His poor wife couldn't access his iPhone and it made things very difficult to process things and get photos etc.... I will do this process for my wife.
Brava27 said:
These are all valid points but chances of happening are very slim.
Click to expand...
Click to collapse
Is it worth the risk for that slim chance? If someone gets ahold of your online identity, they can ruin every part of your life in a matter of minutes, all while you're totally locked out from being able to stop them. My Bitwarden isn't even tied to my Gmail address for the login and I keep my 2FA in Authy separately, with Authy set to not allow multi-device. It would be pretty difficult for anyone to breach me unless they put in a lot of work that my meager net worth wouldn't be worth doing.
Besides, Bitwarden is actually more convenient than Google's password manager in a lot of areas. When enabling the accessibility options, I've noticed that the password popup shows in places that Google's never did which means less having to manually copy and paste.
EtherealRemnant said:
Is it worth the risk for that slim chance? If someone gets ahold of your online identity, they can ruin every part of your life in a matter of minutes, all while you're totally locked out from being able to stop them. My Bitwarden isn't even tied to my Gmail address for the login and I keep my 2FA in Authy separately, with Authy set to not allow multi-device. It would be pretty difficult for anyone to breach me unless they put in a lot of work that my meager net worth wouldn't be worth doing.
Besides, Bitwarden is actually more convenient than Google's password manager in a lot of areas. When enabling the accessibility options, I've noticed that the password popup shows in places that Google's never did which means less having to manually copy and paste.
Click to expand...
Click to collapse
I'll look into bitwarden. Thanks
KeePass Offline; only caveat is that you have to back it up manually (so each time I update it, I copy it to other devices in case the phone dies or is erased or stolen; my password is super long but I only have to remember one password).