In the “Import and Export” settings, the fork app recommends encrypting the user’s Syncthing configuration before exporting it to the backup path. I appreciate the option to backup my settings. This makes sense.
What doesn’t make sense - is that the export encryption password is stored in plain text in the app’s settings - and that the app opens on my device without any security hurdles.
Anyone else noticed this? Any suggested work-arounds?
What doesn’t make sense
I think we have different opinions here. The password is shown to remind users of what they set because if they keep a long-term ongoing Syncthing-Fork installation including updates on their phone, they might forget about the password. Encryption of the config export was added to prevent other apps that hold the required permissions to access the export file, potentially send it to a bad actor and the bad actor can show up as “your device” accessing your data whilst your genuine device is offline. This surely does not apply to all use cases and network scenarios where Syncthing is used, but a “standard user” in my opinion needs to be protected from this worst-case scenario.
So the user has to set a password. Security should be improved as far as it’s made harder for bad actor apps to access this password. Especially assuming that most of them wouldn’t do things like screen record, so it “may” be okay to show the password for convenience to the user. Remember you getting back to this screen after 1 year of usage, feel the need to revert your config, grabbing a 5 day old backup but…. “oh, what was the password?” Okay, let’s set a new one but you don’t like to do a new one right now?
Btw, honestly, if a “bad actor app” would be able to use root, screen record or the like, I expect hiding this password from the settings screen won’t help you to gain more security because the app could record you typing the password or directly dump it out of our app’s private data storage where Android stores the user password.
I hope this helps you a little bit to understand the thoughts on the matter. The “feature” may be partly right and wrong at the same time. If you have a better idea, feel free to help on this 
.
(With releases prior to v1.29.7.2, we’ve had no security in place for years regarding the config export… this was a first step to improve and hopefully not the last contribution for it.)
I agree that the option to encrypt and backup the configuration is extremely valuable. It’s comforting to know that a bad actor can’t access the backup file store and ultimately access (or destroy) the synced data.
My comments were strictly related to having the encryption password in plain text inside the app’s settings. Would it be possible to hash the PW and/or store it in a asterisk ***** format? That way the user knows that there was a password used.
I have no data to support this, but I imagine that most syncthing users utilize a password manager application to store their secrets - so concerns about losing the future ability to decrypt and import the stored configuration shouldn’t pose a major problem.
I have no coding skills to assist with this. It’s not an urgent issue, and I am perfectly happy to wait as future improvements to Syncthing-Fork are rolled out.
Thanks for your great work on this project!
@NickPyz The password can now be shown/hidden with an eye-like button to click. Will be part of v2.0.8.1+. Implementation is not nice as the “old style” preferences screen in use by the app doesn’t have a builtin way of doing this toggling but it works.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.