Question about toxcore

[zezaku]

Hello.
What u think about this TokTok/c-toxcore#426
?Is this issue fixed on aTox?
Thank you.

[robinlinden]

Hi!
I think you're better off reading the comments in the thread, but in brief, while it's not good that Tox is vulnerable to KCI, and there is work ongoing that would solve this issue, it also requires your secret key to be compromised.

aTox uses TokTok/c-toxcore (v0.2.12 right now) with no special patches, so if your Tox profile is stolen from aTox, the attacker can both impersonate you to your contacts, and impersonate your contacts to you. aTox does however store your profile in the internal storage area, meaning that no other apps can access the files, and that the profile is stored encrypted on newer Android versions.

TL;DR: It's not good, but requires your profile to have been compromised, and aTox has no special safeguards against it.

[robinlinden]

Closing this since it's been over 2 months with no follow-up questions or activity. Feel free to reopen or open a new issue if there was anything else! :)