How does biometric authentication using my fingerprint work?

Password Depot does not open your database with the password directly. Instead, it derives a 256-bit key from your password (and, optionally, an external key file).

After a successful authorization, or when you create a new database (in both cases the app already knows the password and does not need to ask for it again), the app stores this key in encrypted form in a private directory that other applications cannot access. In other words, the key is kept in a secure location that is protected by the Android operating system.

Furthermore, the Android app uses Android's detection process for authorization. The authorization code is executed only if the system confirms that the user has been identified correctly. That same code reads the previously stored key and then decrypts it. If this process completes successfully, the app uses the key to open your database. If not, the key is deleted from the stored keys and you are prompted to enter the password manually.

Conclusion:

The app only uses Android's built-in authorization tools. It stores the key that has been generated from your password in encrypted form in a secure location. The app does not send the key anywhere, and other applications cannot access it. Moreover, the key cannot be used to restore your password.
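The flow described above can be modelled on a plain JVM. This is an added sketch, not Password Depot's code. The class and method names, PBKDF2 with 600,000 iterations, AES-GCM wrapping, the in-memory wrapping key (standing in for an OS-protected key) and the boolean standing in for Android's verdict are all assumptions.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.SecureRandom;
import java.util.Arrays;

// Added sketch: only the derived key is cached, never the password.
public class BiometricKeyCache {
    private final SecretKey wrapKey;  // assumption: stand-in for an OS-protected key
    private byte[] iv, wrapped;       // stand-in for the encrypted file in app-private storage

    BiometricKeyCache() throws Exception {
        KeyGenerator g = KeyGenerator.getInstance("AES");
        g.init(256);
        wrapKey = g.generateKey();
    }

    // 256-bit database key from the password; KDF choice and cost are assumptions.
    static byte[] deriveKey(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 600_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
    }

    // Called after a successful password login or after creating a database.
    void store(byte[] dbKey) throws Exception {
        iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, wrapKey, new GCMParameterSpec(128, iv));
        wrapped = c.doFinal(dbKey);
    }

    // Decrypts only on a positive OS verdict; any failure deletes the cached key.
    byte[] unlock(boolean osConfirmedUser) {
        try {
            if (!osConfirmedUser || wrapped == null) throw new SecurityException("not confirmed");
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, wrapKey, new GCMParameterSpec(128, iv));
            return c.doFinal(wrapped);
        } catch (Exception e) {
            iv = null;
            wrapped = null;           // caller must now prompt for the password
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[16];   // constructed sample salt
        byte[] key = deriveKey("sample-password".toCharArray(), salt);  // constructed password
        BiometricKeyCache cache = new BiometricKeyCache();
        cache.store(key);
        System.out.println(Arrays.equals(key, cache.unlock(true)));  // confirmed: key recovered
        System.out.println(cache.unlock(false) == null);             // rejected: cache wiped
        System.out.println(cache.unlock(true) == null);              // nothing left to unlock
    }
}
```

Because the cached value is the output of a one-way key derivation, reading it back yields the database key but not the password it came from.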
