If you think that the #media files you receive on your end-to-end #encrypted secure messaging apps can not be tampered with, you need to think again! explore this new type of media form jacking below.
Conversation
This Tweet was deleted by the Tweet author. Learn more
Signal stores media in internal storage rather than demanding access to external storage and sharing it with other apps by default. WhatsApp, etc. are explicitly designed to share received media with other apps by default. They go out of their way to store it in shared storage.
1
2
Even with developer.android.com/preview/privac, apps can still go out of the way to use shared media. Most apps take a similar approach on iOS. Signal's approach of not sharing media by default is rare among widely used apps. Users can still explicitly share the media files with other apps.
1
2
There's a lot more to an app having good privacy characteristics than using end-to-end encryption. WhatsApp using the Signal encryption protocol doesn't mean that it offers comparable privacy and security when it comes to other things like not sharing your media with other apps.
1
2
This Tweet was deleted by the Tweet author. Learn more
They're explicitly choosing to share the media with other apps. To disallow other apps from reading it, they would simply need to use the standard storage inside the app sandbox. They're requesting the external storage permission and going out of their way to make it shared data.
1
1
2
This Tweet was deleted by the Tweet author. Learn more
It can mitigate a file access vulnerability in the app or the OS, which is why Signal encrypts the database with the hardware-backed keystore. It doesn't protect the data against an exploit of the app or the OS if it's not limited to file access though.
1
1
1
It doesn't let them keep the data at rest any more though. They would need to design the app to not require access to the database when the screen is locked or for an app-specific passphrase when the app isn't directly being used. It's not currently how these apps are designed.
There's an API to bind the hardware-backed key to the screen being unlocked, and it's simply a boolean they could set, but they currently require access to the database even when the device is locked. An app-specific encryption passphrase would be similar and takes that further.
1
This Tweet was deleted by the Tweet author. Learn more
I agree, but I think most app developers won't be interested in this. It's a hard sell even for the Signal developers. They could definitely implement it and they're part of the way there since the database is encrypted with the hardware-backed keystore on Android already.
1