How is the email account password stored in mobile devices?


#1

Hi there.

I was wondering myself how are the email passwords stored in mobile devices?
They are also encrypted, isn’t it?

Thanks!


#2

(I’m not a delta.chat developer, just making guesses)

Probably not, it would be very hard to use them if they were encrypted by the app / you would be asked for a passphrase every time you open the app.

If every app encrypted their storage themselves, you would be asked for a lot of passphrases every time you reboot the phone (or worse, every time you open an app).

The better way to counter this attack vector (some stealing or confiscating your phone), is when you encrypt your whole phone via the android function. When you do so, you protect all of your other apps, too - and if you do so, there is no benefit in deltachat encrypting the passphrase another time.

It makes no sense to annoy users who don’t want to protect themselves against device theft, when it does not help those who want.


#3