Is there a way to limit and control the number of devices added via "Add Second Device"?

Freddy · November 10, 2025, 3:20pm

Hello, could you please advise:
Is there a way to limit and control the number of devices added via “Add Second Device”?

adbenitez · November 10, 2025, 5:23pm

hi, there is no limit or control, the server doesn’t know or keep track of how many devices you do have

DELTA_MAFIA · November 10, 2025, 7:28pm

You can send device information in “device messages” to all devices when a new one is added, so you know that a second profile has been added — at least to be aware of when and which devices might be used in the session.

Minim · November 11, 2025, 3:22pm

Having the client track how often it is cloned would be a security measure. Cladestinely cloning another user’s account when they leave their phone unattended seems the easiest way to snoop on them.

r10s · November 11, 2025, 4:50pm

in general, i agree it may be nice to be able to know the number of devices. this is also discussed from time to time among devs, however, due to the decentral structure, and as we want to keep the server dumb, it is not super simple and other things got higher priorities. still doable, as said, we are almost never out of ideas

well, it is not that simple. before the transfer starts, the system is requested to do a device owner verification. so the described attack works only if the phone is not protected by a password, pattern, fingerprint, face, whatever. this seems to be a rare case nowadays.

moreover, the same-wifi is another barrier, surely does not protect against ppl spying on each other in the same household, but here we are already in the topic of more advanced apps, tracking, whatnot

finally, a message is added to the device chats (similar to proposal above), which, however, can be improved as well

Raiden · November 11, 2025, 5:04pm

Many users may not be aware that DC allows a profile to be used on an unlimited number of devices. Given that DC-Desktop does not require a password for profile transfer or backup, this could pose a security risk. It might therefore make sense to rename the function. For example, “Add Additional Device” instead of “Add Second Device".

DELTA_MAFIA · November 11, 2025, 8:33pm

For example, why not add session information to the “Connection” section, where the server and storage size details are shown?
The idea is that the client would send an encrypted message to itself once a week containing information about the device it’s installed on.
If synchronization is enabled, the “Sessions” section would then display a list of devices that have been used during the past week.

Minim · November 12, 2025, 3:17pm

I did not know this and it changes my views. While I do in fact know the password/pattern of some of my friends’ mobiles, and vice-versa, these are chosen trust relationships and I don’t think we’d maliciously or accidentally clone one anothers’ accounts.

It seems my comments only apply to the the threat of cloning from desktop, and at least desktops are usually carried around and mislaid less.