Am Wed, 19 Aug 2015 08:06:11 +0200
schrieb Roland Krüger <ro.krueger(a)outlook.com>:
About not noticing when another backs your tokens up: Of course you
have to lock your phone with a PIN or padlock. That's where we have
Hm, for iOS with tokens in the keychain that might not be a big
problem. You could not backup without preestablished trust, and if you
can, you cannot recover them from backup as they are protected with a
device key. And you can selectively make the data backed up only if the
itunes backup is encrypted.
Not sure if Android offers a similiar protection. But if not, it would
at least be good to have an "exportable" flag on the secrets. And/or a
passphrase protection of the secret database.