AIR GAP, the urgent feature
Encryption is very important to protect confidential data, but with the every day growing computer power the brute force attack can be successful done even by a hacker with a home computer.
In addition, any encryption software may have bugs that an attacker will exploit to facilitate the access to the confidential data. In this video a security expert shows how to exploit a bug and by-pass the encryption of a very popular in just 2 minutes:
https://www.youtube.com/watch?v=YL4yQRw69oo
And more, Edward Snowden made public that governments can copy any data on Android, iOS, Windows Phone and possibly others, and log the keyboard, including your passwords.
That is a difficult scenario, encryption alone is no longer an option.
The answer is "air gap". In addition to encrypt, the confidential data should be stored in a media that is not permanently attached to any device, creating the so called "air gap".
The encrypted data base may be stored in a removable SDCard or a memory stick (pen drive) that can be easily connected to devices with USB-host feature.
Surprisingly, no encryption software allows the air gap functionality, and some even "protect" the passwords keeping it fully exposed on cloud servers that are well know by sell the users data to governments and for advertising. Is the protection for dumbs.
Is very easy to implement air gap on Safeincloud:
Give the user the possibility to choose where the encrypted database is stored (SDCard, USB memory stick)
Give the user to open the encrypted database from any location after the APP is open
Do not create problems for the user to sync the database with the file stored in a computer by using third part sync software, like Goodsync. Keep the encrypted database consistent among different platforms, the file should be the same for computer and device, without any conversion (maybe already is like this).
Take a step ahead, give the use the option to include an additional protection layer, allowing to store the encrypted database inside an encrypted container, like a Bestcrypt or TrueCrypt container (there are some Android APP compatible with such containers). I call this cross-protection.
For the users that are reading this: vote one my suggestion and help yourself.
Sukhoi
Expert on data security

4 comments
-
Ismaylov commented
It is correct to say that for the very secret data the best is avoid have it in a device, but at the same time there is no perfect security solution.
What we can do is the maximum number of barriers to protect our sensitive data, and this suggestion to implement the 'air gap' is excellent to strength the safety. -
hmuenster commented
In my opinion, this software (or almost any software running on a phone) cannot be made invulnerable to a government 'attack'. All I am looking for in software of this type is that if my phone is lost or stolen that my data cannot be retrieved by whoever picks it up, Or that someone sniffing a WiFi link can't read that data.
Any data that I'm worried about the government getting I would not keep on my phone,
-
Jon commented
Great suggestion!
-
Mark commented
Air gap seems to be effective to improve the security. Thanks for your suggestion.