Dear Developers,
I’d like to propose considering the possibility of adding optional, additional encryption for some critical user data stored locally on the device.
From my understanding, the current implementation stores the database with messages, files, and, most importantly, the server login credentials and the private PGP key in an unencrypted state. I’ve found that the account password, in particular, is stored in plaintext within the SQLite database file located at DeltaChat/accounts/dc.db. This makes the data vulnerable in the event of physical access to the device, even when it’s turned off or Delta Chat isn’t running.
I understand that full encryption of the entire message database might be considered excessive or not always effective, given that if the program is running, another process could potentially gain access to the data. It’s also often recommended that users rely on the operating system’s full disk encryption.
However, I believe that even in this scenario, additional application-level encryption makes sense for specific types of data. This is particularly true for:
- The email account password. Storing this password in plaintext makes it easily accessible to an attacker. Encrypting the password and decrypting it only when the app is launched (for example, using a key derived from a user-set PIN or password) would significantly improve security.
- The private PGP key. If the private key is not password-protected, it’s also vulnerable. Protecting the private key with a password (or the same mechanism used for the email password) would prevent its use by a third party if the device were compromised.
The proposed feature wouldn’t replace disk encryption but would complement it. It would provide protection for data at rest (when the application is not running) and create an additional barrier for an attacker, even if they manage to gain access to the file system.
I hope you’ll consider this proposal. I’m confident that such a measure would greatly enhance user security and peace of mind.
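The mechanism the proposal sketches (a key derived from a user-set PIN or password that unlocks the account password and the private key only when the app is launched), as an added example that is not part of the proposal above and not Delta Chat's own code. The names `create_vault`, `open_vault`, `change_pin`, the scrypt parameters and the sample secrets are assumptions made for illustration. To run with the Python standard library alone it uses an HMAC-SHA256 counter-mode keystream plus an HMAC tag (encrypt-then-MAC) in place of a real AEAD; production code would use a vetted AEAD such as AES-GCM or ChaCha20-Poly1305 and, on platforms that offer one, the OS keystore.

```python
import hashlib
import hmac
import json
import secrets
from base64 import b64decode, b64encode

# scrypt cost: a PIN has little entropy, so every guess should cost ~16 MiB of RAM.
# (Assumed parameters for the example; tune to the target hardware.)
KDF_PARAMS = {"n": 2 ** 14, "r": 8, "p": 1}


def _b64(raw: bytes) -> str:
    return b64encode(raw).decode("ascii")


def _unb64(text: str) -> bytes:
    return b64decode(text)


def _derive_kek(pin: str, salt: bytes, params: dict) -> bytes:
    """Memory-hard KDF: 32-byte key-encryption key (KEK) from the user's PIN."""
    return hashlib.scrypt(pin.encode("utf-8"), salt=salt, n=params["n"], r=params["r"],
                          p=params["p"], dklen=32, maxmem=64 * 1024 * 1024)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stdlib stand-in for an AEAD's cipher)."""
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def _seal(key: bytes, plaintext: bytes, label: bytes) -> dict:
    """Encrypt-then-MAC; `label` is authenticated so a box cannot be moved to another slot."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()  # one key, two roles
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, label + nonce + ct, hashlib.sha256).digest()
    return {"nonce": _b64(nonce), "ct": _b64(ct), "tag": _b64(tag)}


def _open(key: bytes, box: dict, label: bytes) -> bytes:
    """Verify the tag before decrypting: a wrong PIN or an edited file fails here, loudly."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = (_unb64(box[k]) for k in ("nonce", "ct", "tag"))
    expected = hmac.new(mac_key, label + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong PIN or tampered vault")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def create_vault(pin: str, plaintext_secrets: dict) -> dict:
    """Wrap a random data key (DEK) under the PIN-derived KEK; seal each secret under the DEK."""
    salt = secrets.token_bytes(16)
    kek = _derive_kek(pin, salt, KDF_PARAMS)
    dek = secrets.token_bytes(32)
    return {
        "kdf": {"salt": _b64(salt), **KDF_PARAMS},
        "wrapped_dek": _seal(kek, dek, b"dek"),
        "secrets": {name: _seal(dek, value.encode("utf-8"), name.encode("utf-8"))
                    for name, value in plaintext_secrets.items()},
    }


def open_vault(pin: str, vault: dict) -> dict:
    """Run at app launch: returns the plaintext secrets, or raises ValueError on a wrong PIN."""
    kdf = vault["kdf"]
    kek = _derive_kek(pin, _unb64(kdf["salt"]), kdf)
    dek = _open(kek, vault["wrapped_dek"], b"dek")
    return {name: _open(dek, box, name.encode("utf-8")).decode("utf-8")
            for name, box in vault["secrets"].items()}


def change_pin(old_pin: str, new_pin: str, vault: dict) -> dict:
    """Only the wrapped DEK is re-encrypted; the sealed secrets themselves are untouched."""
    old_kdf = vault["kdf"]
    old_kek = _derive_kek(old_pin, _unb64(old_kdf["salt"]), old_kdf)
    dek = _open(old_kek, vault["wrapped_dek"], b"dek")
    salt = secrets.token_bytes(16)
    new_kek = _derive_kek(new_pin, salt, KDF_PARAMS)
    return {**vault, "kdf": {"salt": _b64(salt), **KDF_PARAMS},
            "wrapped_dek": _seal(new_kek, dek, b"dek")}


def serialize(vault: dict) -> str:
    """What would actually be written to disk next to the database."""
    return json.dumps(vault)


if __name__ == "__main__":
    # Constructed sample secrets, not real credentials.
    vault = create_vault("4821", {"imap_password": "hunter2",
                                  "pgp_private_key": "-----BEGIN PGP PRIVATE KEY BLOCK-----"})
    assert "hunter2" not in serialize(vault)  # nothing readable at rest
    print(open_vault("4821", vault)["imap_password"])
```

Two design points worth keeping even when the cipher is swapped for a real AEAD: the random DEK means a PIN change re-wraps 32 bytes instead of re-encrypting every secret, and the authentication tag turns a wrong PIN into a clean error rather than garbage handed to the IMAP login or the PGP parser. The caveats the proposal itself raises still apply: once unlocked, the secrets live in process memory for as long as the app runs, and a four-digit PIN has only 10,000 candidates, so even a slow KDF cannot stop an offline guess against a copied file; a passphrase, or a hardware-backed keystore that enforces rate limiting, is what makes the unlock secret itself hold up.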