asked 2014-10-07 16:15:12 +0300
F-Secure answered to my question on using F-Secure KEY with Jolla phone, that I could try it but community should be contacted to get answers. So, is it secure to use security software android versions on Jolla or are Sailfish apps more secure? I don't want to try the app and jump to darkness when it's about security software.
answered 2015-01-02 14:01:32 +0300
I've heard only one major security issue regarding password managers in Android and its related to moving passwords trough clipboard (in automated manner): http://arstechnica.com/security/2014/11/using-a-password-manager-on-android-it-may-be-wide-open-to-sniffing-attacks/
That said I'm using Lastpass premium, you can download apk directly from: https://lastpass.com/lpandroid.apk and works mostly fine on Jolla. Quitting app doesn't work from inside of the app and it cannot use softwares own internal keyboard.
answered 2015-01-01 09:44:47 +0300
Now we can copy-paste from Android apps (1.1.1.27 Vaarainjärvi), so Key works, one can use it to copy-paste login info to required fields. Not as smooth as in PC version, but at least it works, one doesn't need to remember all passwords anymore. And because it is F-Secure product, I fully trust it.
I've heard only one major security issue regarding password managers in Android and its related to moving passwords trough clipboard (in automated manner): http://bestgadgetsite.commobile price list
mobile price ( 2015-01-03 18:30:04 +0300 )editanswered 2015-02-21 15:33:23 +0300
I'd say SailfishOS apps are more secure and privacy-aware in Jolla than the droid/Google-ware.
I wouldn't trust any android-solution (Google Play Service or AlienDalvik based) in Jolla for security or privacy-aware apps. Also, my trust on F-Secure has greatly diminished lately because of the Younited fiasco by which the service never came available natively for #SailfishOS and now the service has IMO been sold and servers will be hosted under U.S.-based company and located also there eventually - for directly accessible for NSA/GCHQ et.al surveillance practises and data collection.
For secure and privacy-aware key/password/private info store and solution I've been using native ownKeePass app for Jolla/SailfishOS and it works fine/securely in Jolla phone and enables sharing of the key-store too, so that the keys can be used in other platforms too. You can get the latest version from OpenRepos and additionally the developer very actively develops the app further and actively responds to feedback :)
https://openrepos.net/content/jobe/ownkeepass
Edit: link to the source-code of OwnKeepass for all those who don't trust the indepedent developers that submit cool apps to the OpenRepos SailfishOS repository: https://github.com/jobe-m/ownkeepass
Although Younited got sold to US I still trust Key, it's completely different product, and it still belongs to F-Secure. Which one do I trust more, one of worlds leading security companys or some coder in OpenRepos whom I know nothing about...
Key works both on my Jolla and on my Win7 laptop, I have no reason not to use it. If one doesn't trust copying through clipboard, one can check passwords in Key and then type them to proper fields, one doesn't need to copy/paste.
MikaN ( 2015-02-21 20:21:27 +0300 )edit@MikaN Here is a link to the source-code of ownKeepass in GitHub, just report to the developer or us here if you find something alarming or problematic, in regards to security/pricvacy specifically, in that code base.The password store that OwnKeepass uses is not stored in any companys sercers, but you can decide it youtself where to keeo it. And, there are clients for most OS:es and platforms that can use and utilize the key-store file/format that this app uses. https://github.com/jobe-m/ownkeepass
foss4ever ( 2015-02-21 22:08:26 +0300 )editanswered 2015-02-21 12:16:54 +0300
I have an android phone now for this. When Sailfish version is released, could someone inform here?
Asked: 2014-10-07 16:15:12 +0300
Seen: 1,290 times
Last updated: Feb 22 '15
I have Key installed. When started it propted to create master password which I did, and then I got message stating 'Unfortunately, F-Secure Key has stopped.' And there's OK button. Tried couple times to run KEY but with the same result.
So it seems it's a no-go at this time =(
MikaN ( 2014-10-07 18:00:17 +0300 )editNot sure about security, my guess KEY keeps everything on the server and transfers data in encrypted form. At least i found nothing in file system except log file. From that point of view see no difference between android app and native sailfish if appears. And KEY works fine with me on Jolla (however i don't use all functionality). All passwords are synced with my other devices, premium subscription was purchased from desktop. Version 2.0.16. There was an issue with some previous version, but not only for Jolla.
SergeiStPete ( 2014-10-07 18:48:31 +0300 )edit@SergeiStPete, how did you install Key? I used APK downloader and got Key from play.google.com, but it's not working. 'Unfortunately, F-Secure Key has stopped.' is all I get... I purchased premium, but how to enable it.
MikaN ( 2014-10-08 20:13:45 +0300 )edit@MikaN, i installed it few months ago from Goggle Play, when the KEY only appeared, after that only updated it. Premium was always purchased from desktop. There were problems from version to version with sync, but at least it works on Jolla. With current version i cant connect another device from Jolla, but sync works even if KEY shows Free key. Google play also installed long ago, dont use apk directly.
SergeiStPete ( 2014-10-08 23:48:35 +0300 )edit@SergeiStPete, I installed Key again, this time without APK downloader. Now it seems to work partly. I logged to my account and synchronised my devices, this far it works. But I can't copy/paste usernames/passwords from Key to Browser. Key says 'password copied to clipboard' but I can't paste it to other app. I think we need native Sailfish app...
MikaN ( 2014-10-10 09:59:25 +0300 )edit