Core Apps » ChatSecure:Android

Project *Core Apps  » Bazaar  » ChatSecure:Android  » KeySync  » Orbot  » Orfox Private Browser  » Orweb  » Secure ReaderCacheWordIOCipherNetCipherPanicTrusted Intents  » CheckeyLibreoSpideyStoryMaker™SecureSmartCam  » CameraV (InformaCam Project)  » ObscuraCam

Tracker *Bug Feature Task

Subject *

Description Gibberbot had an option to have "In-Memory Message Storage Only". What this meant is that no messages were ever stored to flash memory and were instead kept in system memory. Chatsecure removed this option. I believe that the reasoning for removing the option is as follows: If messages were stored in system memory (RAM), then any program (perhaps only with root) could retrieve the messages. However, chatsecure now has local encryption, which means it is possibly safer to store messages to the flash memory. However, I believe the option should be reimplemented for the following reason: For the encryption to be good, the user would have to use long passwords - but realistically most users will use less than 20-character-long random passwords. This means that if the phone is detained (by police, border agencies, thieves), they can still easily recover the messages from the flash storage - the most you are usually able to do in such situations is to quickly take the battery out which does not prevent this attack. If the messages were only ever stored in RAM however, then taking the battery out will immediately prevent the attacker from ever recovering the messages because they simply no longer exist on the device. (and cold assisted attacks on memory stored on cell phones are not as efficient as they are on computers) Additionally, there are many scenarios where losing a message (because it was stored only in RAM) is preferable to having the message recovered by an adversary. In the above scenario, it means that chatsecure is less secure for chat than gibberbot and an upgrade cannot be advised.