tag:help.masterpassword.app,2014-09-03:/help/discussions/problems/28-security-of-master-passwords-android-appMaster Password: Discussion 2014-09-06T18:19:39Ztag:help.masterpassword.app,2014-09-03:Comment/344656792014-09-06T18:18:49Z2014-09-06T18:19:39ZSecurity of Master Password's Android App<div><p>Thank you for your message!</p>
<p>First of all, please note that the status of the Android
application is currently "technical preview"/first beta. That's
also why it isn't on the store as it is now.</p>
<p>On your concerns:</p>
<ol>
<li>We will definitely be making improvements to the
confidentiality of your master password and other sensitive
information. There's a lot of things to consider on this front, and
the app will not hit the Play store until it is full and ready on
this front.<br></li>
<li>I have very little interest in obfuscation. While I may include
a ProGuard phase for trimming the binary, I see little to no
benefit at all in obfuscation. First of all, obfuscation has close
to zero relation to actual security against the type of aggressors
you really need to worry about; secondly, Master Password is fully
open source and GPL licensed. Trying to obfuscate the source in the
binary when it's fully public on GitHub is pretty ridiculous. I'm
willing to investigate what steps can be taken to guard against
masking a custom Master Password build as an official one, but
please don't expect miracles on this front: Any client-side code is
nearly completely out of my hands and most any protections against
client-side injection are fatally flawed while serving mainly your
false sense of security.</li>
</ol></div>Maarten Billemont