DTTG does not request password for password-protected DB

willi136 · July 21, 2017, 7:29am

When I open a password-protected DB with DTTG 2.1.7 on my iPad mini (iOS 9.3.5) the DB opens automatically; no password prompt appears. But on my Mac it always works as intended: each time I launch DTPro 2.9.13 on my Mac it asks for my password.

I thought I maybe had some sort of auto-login feature turned on in DTTG, but even when I removed the password from the Info pane of the DB it makes no difference: no password request ever appears. This means the DB is completely unprotected on my iPad, in contrast to my Mac.

What makes it also very strange to me is that I have an earlier version of DTTG running on an old iPhone (iOS 7.1.2) and the DB opens as expected, with a password prompt.

Am I doing something wrong, or is this something which needs to be treated as a bug? Thanks for any insights.

eboehnisch · July 21, 2017, 8:51am

That’s correct, current DEVONthink To Go relies on the device-wide encryption and protection. Adding at least an app-wide password is on our feature request list.

mry · July 31, 2017, 6:04pm

Yikes. I was relying on the older version’s behaviour. Need to re-think my mobile DB situation in light of the lack of database-level encryption.

eboehnisch · August 1, 2017, 2:27pm

As the device itself is protected with your fingerprint and all data is encrypted system-wide, as soon as someone gets your unlocked device they have access to also your email, messages, browsing history, …

macdiverone · August 17, 2017, 7:48pm

My words since…

Had to remove all my stuff since no additional security layer exists before entering the US in June.

Regarding to mail that was an easy job - toked only seconds to remove my S/MIME certificates to render all unreadable and make it visible again after leaving the US by simply reinstalling them from safe source I hadn’t physicaly with me whilst traveling there.

Unfortunately DTTG wasn’t that comfortable. Had to erase everything (xx GB) and to reinstall for hours due to the lack of extra level of cryptographic security, since they (Homeland Security) could force you to unlock your device with ease and the IOS cryptographic security layer is gone.

But if there were additional layers of cryptography bound to an certificate, like with S/MIME, simply deleting it will do the trick and reinstalling it later will do the job just the other way around within seconds.

And more: no one can force you to enter something, you’re not in possession of at the time being…

BTW: This is a real case if entering states with human rights in question like the US. My customers, EU law, German law and at least the confidential nature of the data doesn’t permit this data to be carried to the US without rendered inaccessible for their executive.

To put it short: please establish this security layer as soon as possible not only for the database, it’s needed for the whole content and also do not rely on passwords, refer to certificates with passwords instead, which could simply be removed and being not accessible out of countries where it’s needed, where complete copies of devices will be taken at border crossing and passwords will be pressed off from visitors by law as in Texas for example.

Making data inaccessible and accessible again is then as easy as an fingersnip…

And: Just to do me a favor and just to please me: do it before I must go to the US next time…

Sorry to say: I loved this country. Those were the days

Dietmar

eboehnisch · August 17, 2017, 8:36pm

We are considering adding an app-wide security layer that works with your fingerprint. We do not consider adding e.g. a removable certificate, even though we see the use case (and as global citizens we don’t like this kind of policy too). Actually, this is the first request of that kind.

macdiverone · August 18, 2017, 11:31am

Hi, I personally asked for this long time ago.

Please do not rely on touch-id although this is comfortable.

Security has never been as comfortable as being insecure.

And touch-id does not withstand being forced to press the button with your or your faked finger which could be ordered by executive forces nearby everywhere without a judge, whereas a password to be keyed in withstands most countries code of conduct (without some even in the US) at e. g. border gateway control. Removed certificate with simplicity withstands all such orders and attempts, since you cannot give, what you don’t have any more or even never had. Who knows…

Programming efforts should not be so much higher at least, even if you offer unlocking the certificate with touch-id when on secure ground (and certificate is present).

Even US own security advisors (NIST) force US officials to behave this way (NIST SP 800-xxx) by law when carrying confidential material for whatsoever reasons in whatsoever countries (including th US itself. Believe me, they know the reasons why strong cryptography shall be used at any times).

Let’s have a look at Data Protection Laws (Germany / EU (BDSG, DSGVO, GDPR)): they require the respective data to be protected with strong measures and do not allow to rely on weak measures (which the IOS protection is from that point of view, since it is vulnerable to tampering with the press of a finger or by simply get no or a weak PIN as “security measure” - who knows?).

Physicians (with patients data) or tax advisors, lawyers, pastor (with their clients data) or pharmacists (with prescription data) for example who carry such sensitive personal data within such easy to weaken devices were exposed to at least StGB §203 in Germany even yet.

CEOs and such: §43 GmbHG, §130 OWiG (Germany) and so forth.

Most of them actually not even think one single thought about that (and if, they tend to close their eyes), but from May 25, 2018 on in the whole EU there will be more though and rigid sanctions to the data controller (“the/your company/YOU”) including (“must be applied” instead of “can be applied”) fines of 20.000.000€ or 4% of the worldwide yearly (!) turnover of their respective companies whichever is higher even if a data processor (“the contractor”) failed to met the regulations.

Giving the mobile application an appropriate strength now, could, as you see, be a marketing argument as well, preventing your customers from traveling with emptied devices as much companies order their employees already, when they have to travel to countries with privacy or humans rights in question.

Just my 2ct.

Dietmar

eboehnisch · August 18, 2017, 5:05pm

Thank you for elaborating more in the possible issues. What should happen to e.g. data provided through Spotlight? As soon as we reactivate Spotlight support the data would be searchable, even though only superficially, and opening it in DEVONthink To Go would, of course, then require the password.

macdiverone · August 18, 2017, 8:01pm

As any others handling sensitive data do: make it and it’s behave an optional service…