Kent Borg wrote:
>> Not exactly high marks for convenience.
>
> I don't know how to get that high convenience and not have really scary
> endpoint security risks. If it is so easy for me to root my phone...and
> I download lots of cool free apps written by complete strangers...how do
> I know who is listening in when I enter my master password? How do I
> know what app has figured out how to do key look ups while the database
> is decrypted? Every damn app thinks it needs full internet access...

I don't disagree with your points, and I don't know of any way to boost
the convenience while maintaining the same level of security as having a
separate device, short of hot gluing your password phone onto the back
of your regular phone. :-)

But I can imagine ways that Android could someday come closer to
providing an adequately safe environment for a password safe.

-Run an open source distribution of Android, that has been reviewed from
 a security perspective, and contains no carrier bloatware.

-Don't run rooted.

-Run an application firewall that both limits permissions and net access.

-Don't run a third party keyboard app.

-Have the password safe app run with additional privileges that permit
 it to disable 3rd party keyboards, shut down networking, and take other
 steps to lock down the device for the duration that the password data
 is unlocked.

It's never going to be as good as an isolated device, but it can be made
much better than it is today.

Another option that's still inconvenient, but maybe less inconvenient
than carrying multiple devices, is to have multiple bootable images on
the device. Then you could have an isolated (and encrypted) Android, or
maybe Ubuntu, boot image that gets used for your password safe only.

 -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/