I would like to share an app I created together with a co-worker. It's the winning entry of the 2014 Dutch Samsung App Challenge (category best fingerprint app). The app is called S-Vault and it acts like a password vault which is integrated into your (on-screen) keyboard! We needed the app to be fast, secure and very easy to use, so that's where we put the focus of the development on. The app is available in the Samsung App Store (free), Google Play Store (paid) and you can download the APK here (free).
Web site
To get an overview of the project you can visit the (imho very nice looking) website at this location.
Why / Goal
We all know (or are getting to know) that it is important to use different passwords for all services we use that require password authentication. We also can understand that using different passwords with small variations is not very smart (whenever one of your passwords gets stolen, small variations lead up to your other passwords being broken very fast). We also know that using long passwords with random characters is the best thing to do. But... We can't remember all these passwords and using password managers like KeePass is great but it's still cumbersome when you need to enter a password. S-Vault solves these problems by integrating a password vault into your device's keyboard. No need to swap apps, no need for clipboard copy-pasting, whenever you need to enter a password: open the vault, authenticate with your fingerprint, NFC-tag or PIN-code and the password you need will be filled in. All in all, with S-Vault you can finally use fully randomized passwords, a different one for each service you use!
Key features
* Unlock your vault with your Fingerprint, an NFC-tag or PIN-code (fingerprint only available on Samsung devices with fingerprint sensor like the Galaxy S5 and Note 4)
* S-Vault replaces your keyboard with Google's AOSP keyboard and the S-Vault button is integrated into the keyboard, so you don't have to switch apps when you need to enter a password and there is no need for clipboard copy-pasting
* The app can be paired with a Chrome Extension, so you can send passwords to your browser too!
* Primary and alternative authentication (meaning you can define e.g. NFC and PIN-code as authentication methods and use the PIN-code if you don't have one of your registered NFC tags with you)
* Importing passwords from any kind of existing password manager (you need to export to CSV)
* S-Vault is based on Google's AOSP keyboard (the default keyboard on stock android), meaning it will replace your keyboard. The AOSP keyboard is a great keyboard to type on, just try it
Screenshots:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Security
If you will use this app, the passwords you register will be be stored on your device. There's nothing we can do about that, but we did what we could to ensure your passwords are safe. S-Vault stores the passwords in your 'Shared Preferences' (this is a place where apps can store data). If your device is not rooted, this is unreadable by anything but the app. That's nice, but your passwords need a lot more security. That's why we decided to make a trade-off between safety and usability. We used the symmetric AES encryption method to encrypt the data using a 1024-bit PBKDF2 derived key with a randomly generated salt and 5000 iterations. Your passwords are not stored anywhere else, but on your device.
If you use the Chrome Extension to send a password to your browser, it means that the password will be sent across the internet. Using SSL and a symmetric AES encryption is not enough to guarantee your data is safe. That's why we use RSA (with PKCS#1 padding) with signature verification when sending data over the internet. If this sounds complicated: it means that even if someone intercepts the data sent over the internet, that someone cannot decrypt it. Still to difficult? It's what your bank uses.
How does it work?
It's very simple. Whenever you need to enter a password, just click the vault icon on the S-Vault keyboard (located somewhere on the bottom-left) and authenticate yourself with (one of) your defined authentication methods, select the service which the password is for and the password will be entered! Whenever you need to fill in a password in Chrome, the S-Vault icon will be visible in the password field and you can start the 'Send password' item in your app drawer and the password you need will be sent to your browser after you authenticated yourself! Awesomesauce!
Samsung Developer Challenge
Somewhere in march 2014, Samsung launched a developer challenge for the upcoming Galaxy S5 and Samsung Gear devices. For the Galaxy S5 the challenge was to create an app that uses the fingerprint sensor. S-Vault was chosen as one of the ideas to be developed and on December 4, 2014, we ended as the winner of this challenge, so we're very proud we won and we hope this app will help with the process of becoming more 'password-aware'!
Here's a picture of us:
What will the future bring?
We are (of course) still working on the development of the app. Here are some features that will be available in the (near) future:
* More authentication methods (Pebble, Bluetooth, QR, etc., etc.)
* Extended support of password items (you can now only store a label and password per item, we want to add more fields (just like existing password managers can do)
* Firefox extension (next to the Chrome Extension)
* iOS 'extension' (to be able to send passwords to your iOS device, e.g. iPad)
* Windows extension (to be able to send passwords to your desktop)
Closing words
I don't think there's much more to say, except that we hope you like this project and we really hope it can help you in your daily struggle to keep your passwords safe! Please use this thread for questions, compliments, blames or anything else you want to say!
Change log
No changelog yet
Link
Chrome Extension: http://goo.gl/716zRO
App (Samsung App Store): http://goo.gl/6HYyXd
App (Google Play Store): http://goo.gl/zFpl9f
Direct links
APK: http://www.s-vault.nl/apk/SVault_v111.apk
Older versions
No older versions yet
Does this work with all keyboards and roms or is it samsung only?.
Sent from a stolen phone!
It works on every Android device, no matter the brand, model or if it's rooted or not! Have fun!
Seems very handy. Will have a try and use it. Thanks heaps nice work
"integrated into your keyboard". You mean "it is integrated into our aosp keyboard".
Sorry. Not changing keyboards for love nor money. Especially when you lie in the description.
Sent from a stolen phone!
Yeah have to admit that is a deal breaker for me. The keyboard. Nice idea tho
shivadow said:
"integrated into your keyboard". You mean "it is integrated into our aosp keyboard".
Click to expand...
Click to collapse
I'm sorry that wasn't clear enough, I assure you that was not intentionally. I have edited the original post and clarified that the app is based on the Goole AOSP keyboard.
shivadow said:
Sorry. Not changing keyboards for love nor money. Especially when you lie in the description.
Click to expand...
Click to collapse
That's fine, no problem, I can understand (although I have never found a keyboard as good as the AOSP one, but that's another discussion ). I did not deliberately 'lie' about anything, so I'm sorry you understood incorrectly, as said, I've changed the OP for clarification.
sswagonman said:
Yeah have to admit that is a deal breaker for me. The keyboard. Nice idea tho.
Click to expand...
Click to collapse
Thanks and that's too bad . S-Vault can be easily integrated into other keyboards, so if your keyboard is open sourced, it can be implemented without a sweat.
Themed google keyboard is what I use
Swiftkey myself, biggest data miner around. Have you thought about taking this to xposed?. Surely it'd be easier to implement it on any keyboard that way..
Sent from a stolen phone!
sswagonman said:
Themed google keyboard is what I use
Click to expand...
Click to collapse
The Themed Google Keyboard doesn't seem to be open sourced, therefore it is infeasible to add an S-Vault button. We are investigating the possibility to implement S-Vault in the form of an ongoing notification. This way you can keep using whatever keyboard you want. Would that be satisfactory?
Related
THIS PROJECT IS IN DEVELOPMENT AND THERE IS NO GUARANTEE IT WILL WORK - CURRENT VERSION 0.3ß - RELEASED FEBRUARY 6th, 2014 - SEE BELOW FOR CHANGELOG AND DIRECT APK LINK
I would like to share an app I actually wanted to make make myself, but it seems that it actually might be something worth releasing. The app is called Message Beam and with it you can send text from your desktop to your phone *and vice versa*. At the moment it is only available as a Chrome Extension (apart from the Andoid app), but when completely finished it will have at least have a Chrome Extension, a web site and a stand alone executable (probably .NET).
Key features
* Send selected text, URL's or custom messages from Chrome to your Android device
* Messages will be copied to the device its clipboard, URL's will be opened when you click on the notification
* Send messages from your Android device to Chrome
* You can link multiple devices (so you can link your tablet too )
* Encrypt messages to improve your privacy (keys only stored at device and/or endpoint, meaning they will never be sent over the internet).
Why it was made
Up until now I used the Chrome to Phone extension, but it lacks the possibility to send custom text or a text selection. Also, it often takes a lot of time before the message is actually delivered and sending a message from the device to Chrome is impossible, as well as linking more than one device. Message Beam tries solves all these shortcomings.
Screenshots:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
How does it work?
The underlying technique used is an XMPP server. Messages sent from and to devices will only be stored until they are delivered and are (*OF COURSE*) not read, used for analysis or used for any other form of privacy violation. Linking devices is as easy as creating a special code of at least 4 characters and entering it in the Chrome Extension, setup can be done within a minute.
Why release it as some sort of development build?
I made this project for myself and have done no research whatsoever in what others might want from this app, so releasing it on this forum means I can hopefully get some feedback that will help add features and make the app perfect!
What will the future bring?
The functionality provided is the bare minimum of what I had in mind. The future will probably bring at least the following things:
* Encryption (with keys only available on your device and endpoint (e.g. Chrome Extension), meaning it's impossible for the Message Beam server to decrypt messages Done in version 0.2ß
* Files (Images, Office documents, etc., etc.). Preparations for this have already been made.
* More endpoint types (Executable, Website, Firefox extension -> see below, Java client, etc.)
Is it free and will it stay free?
Yes and Probably. When there are not too many users, I can host it on my own small VPS and won't have any extra costs. However, if there are too much users, I will need to add one or more VPS'es and then some features might only be available in a paid version, but the intention is to keep it free.
Closing words
As said, this project is still heavily in development and released just because I want to check if it's something worth releasing in public eventually I hope you like it and thanks for reading!
Change log
0.4ß (february 15, 2014)
CHROME EXTENSION
- Added possibility to receive messgages that were sent while the connection was unavailable. This feature will be enabled (server side on feb. 22, 2014).
FIREFOX EXTENSION
- Added possibility to receive messgages that were sent while the connection was unavailable. This feature will be enabled (server side on feb. 22, 2014).
ANDROID APP
- Pre Honeycomb (< 3.0): Added a setting to enable a permanent notification. If enabled you can send the current content of the clipboard by clicking it.
- Honeycomb and higher (3.0+): Added a setting to enable a notification when the clipboard content changes. When clicked, it will send the current clipboard content to the endpoints.
0.3ß (january 25, 2014)
IF YOUR CHROME EXTENSION IS UPDATED TO VERSION 0.3ß YOU NEED TO UPDATE THE ANDROID APK TOO!
CHROME EXTENSION
- Changed chat setup, a room will be created now (in stead of separate chat instances), this will greatly increase the message delivery time
- Fixed decryption bug (when encrypted data had more lines)
- You can send a message with CTRL+ENTER now
- When pasting text in the message text-area, the send button will be enabled now
- When connected, you can now see the availability of the Android device
- Small visual improvements
ANDROID APP
- Added connection status (when not connected and authenticated, you see what the app is doing to restore connection)
- Added first 'share' target (for plain text, meaning plain text can now be shared, which will be sent directly to the end points)
- Messages which cannot be sent (due to connection issues), will be sent whenever an internet connection becomes available.
- App will now automatically reconnect directly when an internet connection will become available (in stead of waiting for a certain amount of time)
- App now works on 2.2+ (previously it crashed)
0.2ß (january 19, 2014)
- Added encryption. You need to update both the Chrome Extension and the APK to make it work
0.1ß (january 16, 2014)
- Initial release
Link
Chrome Extension: https://chrome.google.com/webstore/detail/message-beam-for-android/mlndbhjjfllliigpnpinfhmiaocogeba
Firefox Extension: https://dl.dropboxusercontent.com/u/11837707/messagebeam/release/0.0.4/MessageBeam_0_0_4.xpi
Just install the Chrome Extension / Firefox Addon and the it will guide you, including the installation of the APK. The Android app is not yet available in the Play Store.
You can update the APK with this QR:
Direct links
Chrome extension (zip, source): https://dl.dropboxusercontent.com/u/11837707/messagebeam/release/0.0.4/MessageBeam_0_0_4.zip
Firefox extension (xpi): https://dl.dropboxusercontent.com/u/11837707/messagebeam/release/0.0.4/MessageBeam_0_0_4.xpi
APK: https://dl.dropboxusercontent.com/u/11837707/messagebeam/release/0.0.4/MessageBeam_0_0_4.apk
Older versions
0.3ß
Chrome extension (zip): http://goo.gl/BD1pge
Firefox extension (xpi): http://goo.gl/2AnEA3
APK: https://dl.dropboxusercontent.com/u/11837707/messagebeam/release/MessageBeam.apk
0.2ß - https://dl.dropboxusercontent.com/u/11837707/messagebeam/release/MessageBeam_0_2.apk
Finally...
Finally! A quick and easy way to have bi-directional clipboard functionality between my desktop/laptop and my mobile devices. Also very easy to install and everything works right out of the box. This is the way to go!
Can't wait until more features like sending images, audio and/or videos files. Keep up the good work!
The extension and app have now been updated and encryption was added. The keys used will be saved in the extension and the app using an AES encryption algorithm. The messages will also be sent with AES (different salt and IV's though). The passphrase is only stored on the device and endpoint, it will only be used to encrypt and decrypt the messages and will NEVER be sent over the internet.. This feature was added to improve privacy.
this is just awesome... just what i was looking for :laugh:
This is really amazing... works like charm in both ways! Put it to Google Play asap! (easy updates)
How it's different from PushBullet?
geekon said:
How it's different from PushBullet?
Click to expand...
Click to collapse
Its name is different
Just kidding, thanks for a pushbullet alternative :good:
A big thank you! Working perfectly on my X8! :good:
works like a charm.
VAST compliments for the ease of setting and using! you should sell this app to google to be merged with android code. or maybe google should hire you, seriously
Great
But, i can do that with Pocket, Evernote, Keep!!
Or amiwrong
This is really great. There's one thing though I'd like to have since years. Do you know the app aosp wifi keyboard? Basically it's an IME that gets its input from another client (Web page). As you have implemented encryption i wonder if it's possible to do the same thing via Internet connection. This means that the chrome extension needs to send every character on text change and a special ime needs to receive the character.
Maybe there are other solutions that I'm not aware of? If not, do you consider to add this to the wish list?
Cool I will try!!
Woking
It's working great on my HTC One thanks.
Working great on my desire X
Thanx for your work
ladalgigi
work perfect on HTC One with MIUI
:good:
thx bro
Very nice, and it's working very well. You should consider adding posibillity to integrate message beam to androids share feature.
perfect perfect perfect
Very Very good ! keep on the good work...thank you
Working perfectly on my LG G2, thanks!
It would be awesome if you could make a firefox add-on!
I currently have AOKP (Maclaw) installed on my Samsung Galaxy SIII Mini, but as I was looking through the apps, there was one particular app that got me slightly concerned. It´s called Panda and when I click it, the only option I have is to "Enable Energy Save Mode", yet that utterly simple app has FULL access to the entire phone.
Firstly with Panda, you do not have the option to uninstall it the easy way, so a noob is forced to have it there.
If you try to forcibly stop Panda in the app manager, it will restart itself automatically.
Further more - Panda have the perrmissions to
- directly call phone numbers
read phone status and identity
- read your text messages (SMS or MMS)
send MMS messages
- take pictures and photos
- record audio
- approximate location (network-based)
precise location (GPS and network-based)
- modify your contacts
read your contacts
- read your own contact card
- modify or delete the contents of your SD card
- disable your screen lock
- set an alarm
- read Google service configuration
use accounts on the device
view configured accounts
- read terms you added to the dictionary
- change system display settings
modify secure system settings
retrieve system internal status
- change network connectivity
change WiMaX state
connect and disconnect from Wi-Fi
connect and disconnect from WiMaX
control Near-Field Communication
full network access
view network connections
view Wi-Fi connections
- access Bluetooth settings
pair with Bluetooth devices
- re-order running apps
retrieve running apps
run at startup
- draw over other apps
- control vibration
prevent phone from sleeping
- add words to user-defined dictionary
- change your audio settings
. read sync settings
read sync statistics
toggle sync on and off
- expand / collaps status bar
- modify system settings
read battery statistics
read Home settings and shortcuts
test access and protected storage
write Home settings and shortcuts
- full permissions to all device features and storage
- Set global theme
..meaning I guess that this Panda app has full administrator/root permissions.. - ..but why?
Why does a seemingly useless application like Panda have root permissions, which in turn also makes it fairly difficult to remove? What is the application Panda´s true purpose? Why is it there in the first place? What does it do, exactly?
My concerns with these alternative smartphone operating systems is that there might be an Ubuntu/Debian scenario, where Debian is a nice clean OS giving you the very basics and letting you choose whatever extra you want from there, whereas Ubuntu comes with a lot of extra stuff that you do not really need and / or should be given the ability to choose if you wanted to install or not, upon install.
So, I guess my question to the experienced, security- and privacy-oriented smartphone-OS user is:
What is the best alternative smartphone OS that gives you a simple OS without anything extra such as that suspicious Panda app?
In other words, which smartphone alternative out there today can be trusted the most to respect my privacy? I would of course look into Firefox OS if it was available.
Am I being overly paranoid about AOKP? Should I just keep that, or perhaps Cyanogenmod is the way to go? Or perhaps I am missing an even better solution?
Thanks.
You know you can easily disable those permissions with app ops, do you?
Sent from my GT-I8190 MaclawStudio CM 11 using Tapatalk
GXGOW said:
You know you can easily disable those permissions with app ops, do you?
Sent from my GT-I8190 MaclawStudio CM 11 using Tapatalk
Click to expand...
Click to collapse
Not with the Panda application you cant, and thats using the original App Ops with 4.3 support.
If you access App Ops to edit permissions for Panda, you arent given a single permission to alter.
The App Ops I am using works just fine with other applications, and I can easily alter permissions - but with Panda, not so--I cannot edit a single permission of Panda´ s, and yet that application has full access to my entire phone.
Panda is an application that seems to come by default with the MacLaw releases, at least on AOKP - I havent tested their Cyanogenmod release yet.
That Panda bear logo of this particular Panda app that I am talking about is the same Panda depicted on http://maclaw.pl - so it kinda begs to question - why is there an application like that with the AOKP MacLaw releases in the first place? Does that app gather information? Can it be accessed remotely? What exactly does it do?
The Panda "Teddy" logo:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
You could upload the app to VirusTotal and if nothing is picking it up then send it to a AV provider that you like as a suspicious file and they'll check it over.
Or upload it and post the link here and I'm sure someone who knows far more than I do) could look it over.
You could also just ask him yourself, but I don't think he'll be collecting your personal information. The only thing that app does, is turning off one CPU core and setting the governor to OnDemand. That's all I know.
PSA root apps, or mods to the system don't really need to declare permissions, they can obtain the same functionality other routes. Don't judge the safety of an app just based on it's permissions.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Hey all, I would like to present to you my application, it is my first app which I released to market.
Clean, simple and material design on your device from android 2.3+
Nowadays, every website is vulnerable to hackers. So our data are not safe everywhere. You shouldn't have one, two or even three main passwords for all your accounts. If you want to feel safe you should have in each of them their own password, independent of the others. Password Creator will create it for you and make it easier to manage them.
Password Creator is an application which allow you easily generate and manage your unique passwords for everything. Additionally, you can change each list and generate a password, in its sole discretion. Additional options, such as exclusion and repeat will ensure that your password will stronger.
Built-in manager will help you remember all of your passwords, categorize them and keep in one place.
You can feel safe because passwords are stored in encrypted DataBase with AES algorithm (128Bit key - depends on your PIN). Additionally there is NO Internet connection permission, so you can be sure that your passwords never will leak outside your smartphone.
Manager and settings are safely because of main PIN which you have to only remember.
All these function in fully responsible and easy material design with backward compatibility to android 2.3.
Of course you can import and export your password, move them to other device - just do it with current PIN.
FEATURES of Password Creator:
• Fully editable lists from which you generate your password
• Categories with ability to define your own
• Manager to store all your passwords
• History of generated passwords if you want get one back
• Material design starting with version 2.3+
• No internet connection required
Full version:
• Unlimited passwords in the manager
• Unlimited history
• Unlimited categories
• Lists are editable
Thanks:
@AlwaysAndroid
@Pilatus47
@$wap
+RaffaeleLandi
+LuigiMarcucci
+Oliver
+Christobal
Download:
Facebook: https://www.facebook.com/passcr
Beta channel: https://plus.google.com/u/0/communities/116369350111513931386
I will be very grateful for any feedback, not only if you have issues. All comments and ideas are welcome.
I am not responsible for any third party applications you have installed and can cause damage to your phone and data stored on it
Changelog:
1.0.6
- sort passwords ascending and descending
- visual improvments
- password modification dialog is closing now after update
1.0.3
- added Spanish
- PIN changes now correctly
- bug fixes
1.0.2
- generator also secured by PIN (everything to better secure your database) - next will be added AES128/CBC/PKCS5 as an option and passphrase as main PIN (in this case password)
- fixed stack in settings
- added Polish, Italian and Croatian langauge
- other fixes
1.0.1
- Bug fixes on tablets
- Updated app icon
- Other small fixes
- If you want help translate to other languages - contact with me
1.0.0 - initial release
Do you plan to translate into other languages?
Why not open source? Especially when it comes to privacy, passwords, etc. people want to know how it works. What are your apps' advantages worth mentioning over other free apps, let's say Twik?
The less you know the better you sleep
Seriously, there are two most important things:
NO INTERNET connection permission - you can be sure that in no magical way, your passwords do not leak
Material - created in accordance with the principles of Material design
I think that first point is the most important because I don't what happen with my data in other applications which require it. Twik need it for icons? They are too heavy to put it inside app? Maybe yes, but I don't have time to check code every update, is the code from the git is an application that I use. I checked several popular applications of this type and all have Internet Connection permission. They have over 100k users who probably don't know what is happening in app or after they closed it. I don't want to wake up one day and find that after last update my informations are circulating on the Web.
Other advanteges:
No ads
Additional options to generate password (eg you can define how many repeats should be max in row)
One again Material design which is good point in that app (available from android 2.3.3+)
Good work
pawtok said:
Do you plan to translate into other languages?
Click to expand...
Click to collapse
Yes, if only there will be people who want to translate it to different languages.
Upcoming new version with fixes for tablets, rate bar. App is ready now to translate to different languages and prepared for future encrypting algorithm. Now is DES with 64bit key -> will be AES with 256bit key (both depends on your PIN of course)
Great App! Good looking!
Do you intend to support existing database format like keepass2 for example ?
Hello,
If you have a file with all the variables that needs to be translated, I can provide you the French version.
admiralwilly said:
Great App! Good looking!
Do you intend to support existing database format like keepass2 for example ?
Click to expand...
Click to collapse
I have to check whether it is able to save decrypted database. But eWallet probably will be first one which will be supported.
Inermis said:
Hello,
If you have a file with all the variables that needs to be translated, I can provide you the French version.
Click to expand...
Click to collapse
Thanks, I'll contact you as soon as I prepare excel.
Very nice helpfull tool,
but the length option doesn´t work
Marurban said:
The less you know the better you sleep
Click to expand...
Click to collapse
Sorry, but this is one of the dumbest things I've ever heard[emoji58]
Seriously, there are two most important things:
NO INTERNET connection permission - you can be sure that in no magical way, your passwords do not leak
Material - created in accordance with the principles of Material design
I think that first point is the most important because I don't what happen with my data in other applications which require it. Twik need it for icons? They are too heavy to put it inside app? Maybe yes, but I don't have time to check code every update, is the code from the git is an application that I use. I checked several popular applications of this type and all have Internet Connection permission. They have over 100k users who probably don't know what is happening in app or after they closed it. I don't want to wake up one day and find that after last update my informations are circulating on the Web.
Other advanteges:
No ads
Additional options to generate password (eg you can define how many repeats should be max in row)
One again Material design which is good point in that app (available from android 2.3.3+)
Click to expand...
Click to collapse
Having no Internet permission is an absolutely good thing, but being open source those apps can be reviewed and even compiled without it, so it's not really as dramatic as you described. Twik also free of ads, but I agree with you that your app offers more possibilities of creating passwords.
But nonetheless, nice app
Marurban said:
I have to check whether it is able to save decrypted database. But eWallet probably will be first one which will be supported.
Thanks, I'll contact you as soon as I prepare excel.
Click to expand...
Click to collapse
Your app looks good.
Just ask if you need a german translation
New update is available now. To better protect your data, generator must also be protected with PIN. I tested AES128/CBC/PKCS5 on my S3 and it is very slow but is better than DES encryption algorithm. Because most of user don't have any of top devices like Nexus 6, this algorithm will be added as an option. Here I have a proposal to add option to login to app once but only at your own risk. What do you think?
Is there anyone here who would like to translate the application to Spanish?
(Added thanks in 1st post and fanpage: https://www.facebook.com/passcr)
@Marurban after installing it force closes on my galaxy y duos gt-s6102,running stock rooted GB 2.3.6 rom. log attached.
Marurban said:
Is there anyone here who would like to translate the application to Spanish?
(Added thanks in 1st post and fanpage: https://www.facebook.com/passcr)
Click to expand...
Click to collapse
Nice app. Clean and simple!
If you´re still looking for a spanish translator, I can give it a try.
Saludos
Exactly what I needed, I just had to increase the security of my accounts since I was using some really weak passwords.
killoid said:
@Marurban after installing it force closes on my galaxy y duos gt-s6102,running stock rooted GB 2.3.6 rom. log attached.
Click to expand...
Click to collapse
I checked it and... are you trying to change something by xposed? On emulators everything is ok
Pilatus47 said:
Nice app. Clean and simple!
If you´re still looking for a spanish translator, I can give it a try.
Saludos
Click to expand...
Click to collapse
New version with bug fixes and Spanish language (finally added), will be available to download in 1 hour. But if you have any suggestions to translations pm me.
Marurban said:
I checked it and... are you trying to change something by xposed? On emulators everything is ok
Click to expand...
Click to collapse
nope. xposed has nothing to do with this app i guess!
Edit: new log attached.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Bitwarden - Free & open source password manager for all of your devices
Download .apk directly
Description
Bitwarden is the easiest and safest way to store all of your logins and passwords while conveniently keeping them synced between all of your devices.
Password theft is a serious problem. The websites and apps that you use are under attack every day. Security breaches occur and your passwords are stolen. When you reuse the same passwords across apps and websites hackers can easily access your email, bank, and other important accounts.
Security experts recommend that you use a different, randomly generated password for every account that you create. But how do you manage all those passwords? Bitwarden makes it easy for you to create, store, and access your passwords.
Bitwarden stores all of your logins in an encrypted vault that syncs across all of your devices. Since it's fully encrypted before it ever leaves your device, only you have access to your data. Not even the team at Bitwarden can read your data, even if we wanted to. Your data is sealed with AES-256 bit encryption, salted hashing, and PBKDF2 SHA-256.
Bitwarden is 100% open source software. The source code for Bitwarden is hosted on GitHub and everyone is free to review, audit, and contribute to the Bitwarden codebase.
Screenshots
Source Code
Check bitwarden out on GitHub.
Mobile app: https://github.com/bitwarden/mobile
All other components: https://github.com/bitwarden
More
Learn more about bitwarden on our product website https://bitwarden.com
Beta Testing
Try out the latest features! Join the bitwarden beta testing program on Google Play here: https://play.google.com/apps/testing/com.x8bit.bitwarden
Thanks for opening a thread on XDA.
I'm waiting for a few features before leaving Lastpass.
Keep it up! You have already done an awesome job!
Primokorn said:
Thanks for opening a thread on XDA.
I'm waiting for a few features before leaving Lastpass.
Keep it up! You have already done an awesome job!
Click to expand...
Click to collapse
Thanks! Hoping to spark some interest/discussion/feedback here.
How close are you to the accessibility service and allowing automatic filling in of apps and internet like LastPass does? This is basically what I am waiting for and that is it.
LudoGris said:
How close are you to the accessibility service and allowing automatic filling in of apps and internet like LastPass does? This is basically what I am waiting for and that is it.
Click to expand...
Click to collapse
Hoping to have it available within the next couple of months. You can track progress of that feature here: https://github.com/bitwarden/mobile/issues/1
I've just read your email for the Kickstarter compaign and I'm willing to pay for the Early Backer Lifetime Premium Membership.
As you explain on HN, bitwarden is sponsored by the Microsoft BizSpark program. So could you give more explanations? For how long is it sponsored by Microsoft? What could happen if you don't reach $49,000?
My main worries are Auto-fill for Android and Independant security audits. Do you plan annual audits of the whole source code?
I dont really understand this point:
Operations. Growing bitwarden requires investment to accelerate product feature development and power our secure product servers.
Click to expand...
Click to collapse
Servers are managed by Microsoft Azure? Do you want to leave Microsoft and increase your server access/storage?
Did you ever consider using other services than the one provided by Microsoft ('a GAFAM')?
French translation done
Can you also explain, why you (bitwarden) over established brands like LastPass and Dashlane?
LudoGris said:
Can you also explain, why you (bitwarden) over established brands like LastPass and Dashlane?
Click to expand...
Click to collapse
I can at least say that bitwarden is fully open source, the main reason why I will probably stop using LastPass.
Kyle (kspearrin) takes into account users feedbacks and seems to be opened to suggestions. AFAIK it's as secure as LastPass.
Primokorn said:
I've just read your email for the Kickstarter compaign and I'm willing to pay for the Early Backer Lifetime Premium Membership.
As you explain on HN, bitwarden is sponsored by the Microsoft BizSpark program. So could you give more explanations? For how long is it sponsored by Microsoft? What could happen if you don't reach $49,000?
My main worries are Auto-fill for Android and Independant security audits. Do you plan annual audits of the whole source code?
I dont really understand this point:
Servers are managed by Microsoft Azure? Do you want to leave Microsoft and increase your server access/storage?
Did you ever consider using other services than the one provided by Microsoft ('a GAFAM')?
French translation done
Click to expand...
Click to collapse
Our current sponsorship lasts for 2.5 more years, however, this sponsorship is not infinite. As bitwarden grows larger we will outgrow the sponsorship and need additional investment. We are not anywhere near our ceiling on this yet though.
If we do not reach our goal, I will still continue working on the project and the features outlined. That is not in question. Things just might move at a much slower pace than I would like since I have other obligations that prevent me from doing this full-time.
Leaving Azure is not in question at the moment. It works well and supports our needs.
Thanks again for your french translations!
@Primokorn Could you please email from the contact form on the website, https://bitwarden.com/contact/? I'm trying to collect all of the translation contributors contact information so that I can keep you up to date via email when translations change. Thanks.
kspearrin said:
@Primokorn Could you please email from the contact form on the website, https://bitwarden.com/contact/? I'm trying to collect all of the translation contributors contact information so that I can keep you up to date via email when translations change. Thanks.
Click to expand...
Click to collapse
No problem. Done.
I'll do the missing translations in the coming days.
Update for 1.2.1 posted.
https://github.com/bitwarden/mobile/releases/download/v1.2.1/com.x8bit.bitwarden.apk
- Performance improvements
- Bug & crash fixes
- Added Chinese language localization
Updated for version 1.3.0 with autofill! @LudoGris
https://github.com/bitwarden/mobile/releases/tag/v1.3.0
- New auto-fill accessibility service to auto-fill your logins into other apps and websites. Check the tools screen for more info on setting it up!
- Finnish language added
- Support for "equivalent domains" when auto-filling (configurable from web vault)
- Better syncing
- Bug & crash fixes
Why auto fill is not working with uc browser ?
jerryn70 said:
Why auto fill is not working with uc browser ?
Click to expand...
Click to collapse
Some browsers do not work properly with accessibility services so we cannot support them at this time. I haven't tested UC browser through. Can you link me to it and I'll check it out.
kspearrin said:
Some browsers do not work properly with accessibility services so we cannot support them at this time. I haven't tested UC browser through. Can you link me to it and I'll check it out.
Click to expand...
Click to collapse
https://play.google.com/store/apps/details?id=com.UCMobile.intl
Why we need to add seperate login details for app and it's site ?
If I add xda app login details to bitwarden, then when I visit xda site, again I need to add the login details to bitwarden.
In lastpass we need to enter only one. If we add app login details, when we visit it's website it will auto detect the details.
jerryn70 said:
Why we need to add seperate login details for app and it's site ?
If I add xda app login details to bitwarden, then when I visit xda site, again I need to add the login details to bitwarden.
In lastpass we need to enter only one. If we add app login details, when we visit it's website it will auto detect the details.
Click to expand...
Click to collapse
Yep that is a mess.
---------- Post added at 08:54 PM ---------- Previous post was at 08:45 PM ----------
@kspearrin you have a wonderful app here. Switched from keepassx. Using it via chrome extension and android app. Issues that i found: double pass for android and web and accessibility services does not work on Chrome Dev on 7.1.1
Keep up the good work and thanks!
@jerryn70 @icrunchbanger we're working on some improvements to that flow.
@jerryn70 @icrunchbanger I've added some improvements to autofill that is now in beta to test:
1. Added two groups of logins in the autofill listing: matching logins and possible matching logins.
- Matching logins are the results from the way the current version works (complete matches).
- Possible matching logins are ones were the app tries to make a guess based on the reverse domain of the package name on an app. For example, `androidapp://com.google.plus` will match `https://google.com`. A warning alert is shown whenever you select a possible matching login for autofill since it is possible to exploit this method.
2. Added ability to search your full vault to select anything for the autofill.
Get the beta here: https://play.google.com/apps/testing/com.x8bit.bitwarden
Let me know any feedback and I'll plan on publishing this soon.
Hi everyone,
I have created my own Parental Control application since I had difficulties to find a free, simple and secure one.
I'm actually searching for testers or good ideas.
It allows to:
avoid installing new application by blocking the Play Store
block the installed applications (completely or by adding a time limit)
limit the calls duration
ensure the Youtube parental filter is enabled (and stays enabled)
track your child applications or network activities
be warned when your child leave a defined area (PAID FEATURE)
block undesired content (adult/illegal websites...) or a specific website by filtering the device's network requests (PAID FEATURE)
Beware of one thing: Kiddie does not provide any remote control. You will have to take your child's device to do restriction modifications.
Play Store link:
https://play.google.com/store/apps/details?id=net.frju.heimdall
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
fr_ju said:
Hi everyone,
I have created my own Parental Control application since I had difficulties to find a free, simple and secure one.
I'm actually searching for testers or good ideas (like better name or icon).
It allows to:
avoid installing new application
restrict the installed applications (block them or add a time limit)
limit the call duration
ensure the Google Play/Youtube/... parental filters are enabled (and stay enabled)
track your child applications or network activities
block undesired content (adult/illegal websites...) by filtering the phone's network requests (this is the only paid feature)
Beware of one thing: Heimdall does not provide any remote control. You will have to take your child's device to do restriction modifications.
Play Store link:
https://play.google.com/store/apps/details?id=net.frju.heimdall
Click to expand...
Click to collapse
Looks good! Can you add functionality for maximum daily use and non-use time (e.g. bedtime or school time)? Thnx!
grimloktt said:
Looks good! Can you add functionality for maximum daily use and non-use time (e.g. bedtime or school time)? Thnx!
Click to expand...
Click to collapse
Agree.
Great and useful application.
The maximum daily usage feature is really important to make it real hit against those apps that wants money.
I'm a beginner in Android programming, but i would also like to contribute to this project.
Hi everyone,
For your information Heimdall has evolved since the first post here. Several features has been added, including the one you were asking here: a global phone limit. However, please note I've added that one in the paid version only.
Why can't I install it on my Android 8.1 Huawei P20?
Off-topic: For a moment I was confused on why a tool for flashing ROMs on Samsung Galaxy S was in focus again !
Is remote control coming? Like viewing what apps they have downloaded or seeing YouTube history?
Sent from my Sony Xperia XZ1 using XDA Labs
Cool app. In my opinion:
1. Blocking the entire settings app is too overreaching, only sensitive settings activities should be blocked (VPN, Accessibility).
2. Remote control would be nice (eg. kid is at a friend's for the afternoon and you want to unlock stuff without driving across town).
3. Maybe a way to pick individual activities inside applications (eg. YouTube settings panel).
Before selecting a name for an app, you should search XDA for that name. In case of heimdall you will find the Linux version of Odin. The well known Samsung flashing tool.
Great news. Merci !
Can't you do a free webblock version with stevenblack hosts file (i guess root will be necessary) or parental dns like norton or opendns ? Thanks.
@fr_ju: Fred, if interested to get the app translated you may want to consider to announce it here.
kurtn said:
Before selecting a name for an app, you should search XDA for that name. In case of heimdall you will find the Linux version of Odin. The well known Samsung flashing tool.
Click to expand...
Click to collapse
You're certainly correct and it would make it easier to distinguish. However, I doubt that the name of a Norse god bears a copyright or trademark, and Heimdall(r) seems to be a good patron of an application with the desired intention. But as Fred also asks for ideas about the app's name, how about "Heimdall's Horn" i.e. Gjallarhorn.
Well. I'd love to use this app, but I can't install it from the play store.
Apk available?
Hi all, thanks for your comments. I'll try to answer all your questions:
- I actually knew about the flashing tool before selecting Heimdall as name, but I believe most people actually doesn't know about the flashing tool (except maybe on xda). And I like the sound and meaning of it.
- concerning impossibility to install Heimdall on Huawei: I actually had to block all Huawei, Honor and Xiaomi devices due to incompatibilities. These manufacturers heavily modify Android and Heimdall protections are randomly disabled on theses devices.
- concerning the settings app which is always blocked: at the beginning I were only blocking some settings activities and not the whole app, but I quickly discover that it is actually complicated to cover all cases due to all different or modified version of Android. So I chose the easy way, but this is not the first time I heard complaint about that so I will think about it and try to find a better way.
- concerning the remote control: for now I want to avoid sending data to a server (for several reasons, including the privacy protection). So having a remote control in that condition is not that simple. I may extend the existing remote control via SMS in the future to support more use cases, but for the user it is not as simple as other solutions.
fr_ju said:
- concerning the settings app which is always blocked: at the beginning I were only blocking some settings activities and not the whole app, but I quickly discover that it is actually complicated to cover all cases due to all different or modified version of Android. So I chose the easy way, but this is not the first time I heard complaint about that so I will think about it and try to find a better way.
Click to expand...
Click to collapse
One way that it may be done is to allow the used to optionally block activities instead of whole apps. You should be able to get activity lists from blocked apps. You can ship the App with the whole settings blocked by default and allow users to fine tune the blocking if needed.
fr_ju said:
- concerning the remote control: for now I want to avoid sending data to a server (for several reasons, including the privacy protection). So having a remote control in that condition is not that simple. I may extend the existing remote control via SMS in the future to support more use cases, but for the user it is not as simple as other solutions.
Click to expand...
Click to collapse
Your concern for privacy is commendable. SMS control is nice but won't work for devices without cellular connection, such as tablets or phones running without a network plan and/or SIM cards (such devices are popular with kids in my corner of the world). If you decide to go with some form of cloud messaging, please use GCM as it's the de facto standard. If you're targeting non-Google devices, I hear MQTT is good, but you'll have to have your own infrastructure and have users exclude Heimdall from battery optimization.
Steelskinz said:
Great news. Merci !
Can't you do a free webblock version with stevenblack hosts file (i guess root will be necessary) or parental dns like norton or opendns ? Thanks.
Click to expand...
Click to collapse
I can tell you how to recover the mail data. I recently lost very important letters. And I tried to restore them. But did does not work out. Therefore, I tried to use one of these utilities . To my luck, everything turned out. Perhaps this will help you too.
Kids Dashboard free app and free cloud (Basically you are making dashboard kiosk like small mdm)
PLAY STORE LINK : https://play.google.com/store/apps/details?id=com.tabnova.aidashboard
Cloud Login: https://cloud.kidsdashboard.com
Main site : http://www.kidsdashboard.com/