Does APS encrypt the names of the password entries, too?

[m41t]

I know that default pass package on ubuntu doesn't encrypt the names of the passwords, so, it is possible to view the names of the entries without decrypting the password store folder.

A way to mitigate this annoyance (and privacy leak) is using pass-tomb extension (which is listed on passwordstore.org).

I wonder, if APS also integrates something like pass-tomb so that APS doesn't leak the password entry names.

[msfjarvis]

APS doesn't require you to use your actual password names anywhere in the file. We support multiple layouts for your password store, one of which is having filenames be work/example.com.gpg and the username is part of the password file's contents are something like this:

my-complex-password
username: john.doe

Additionally, we strongly recommend users allow APS to clone their git-enabled store in its private data directory where neither the users themselves nor any other app can trivially access them as is the case with Linux where anything you install can crawl through $PASSWORD_STORE_DIR.

[m41t]

In your first example, someone looking at the android file system would see that I have a password for example.com and it is labeled under work directory.

This is the kind of privacy leak I am trying to prevent.

Additionally, we strongly recommend users allow APS to clone their git-enabled store in its private data directory

How can I do that in android?

[msfjarvis]

Additionally, we strongly recommend users allow APS to clone their git-enabled store in its private data directory

How can I do that in android?

On the latest version (v1.13.2) of the app when you choose the option to clone from Git, your repository is automatically placed in the app's internal data directory.

[m41t]

So the APS itself creates a private data directory, which doesn't show the folder names of the passwords I store?

I want to switch to pass and APS from Bitwarden, however, Bitwarden doesn't leak my passwords' names/services that they belong to.

[msfjarvis]

The names will always be there by nature of pass using a file-based structure as opposed to a single database of sorts. pass-tomb encrypts your entire directory into a single file to prevent Linux userspace from being able to see it, and on Android the app sandbox and UNIX file ownership permissions prevent anything but APS from being able to see the contents of its own data directory. Your password names aren't being leaked just by virtue of existing in the Android app.

On Linux you cannot trivially mark a directory as off-limits for everything but the pass CLI, because the granularity for this only exists at a user level and you, as the user, would like to be able to access your own store. On Android, each application is its own 'user', and thus the framework is able to ensure that data created by application A cannot be seen by application B, unless it's placed in a common free-for-all storage directory, like your Downloads folder. Because of this precise reason, we push for users to stick with Git as their sync mechanism of choice and automatically store their passwords in our private directory without exposing the unsafe 'external storage' option, because it's a safe default that works well.

[m41t]

Hey thanks for this explanation. It was useful.