UBports Forum

    App security (new KeepassRX app)

    App Development
    20 Posts 9 Posters 683 Views
      • R Offline
        RandomUser
        last edited by

        I saw the new KeepassRX app pop up in the app store and I'm very interested to try it. Normally I'm not that strict with security and trust the systems and people in place. However, this app will have access to all my passwords and made me wonder. Are there any security checks before an app is added to the app store? Can we for example be sure the package is built from the linked source code?

        • CiberSheepC CiberSheep moved this topic from General
        • t12392nT Offline
          t12392n
          last edited by

          This has been on my mind too.

          I wish there was a strict firewall native in Ubuntu Touch so that we would see and control what is allowed to talk. A local Keepass should not talk to the internet.

          Samsung Fold5
          will switch to
          Volla Quintus UT 24.04-1

          • arubislanderA Offline
            arubislander @t12392n
            last edited by arubislander

            @t12392n said in App security (new KeepassRX app):

            I wish there was a strict firewall native in Ubuntu Touch so that we would see and control what is allowed to talk. A local Keepass should not talk to the internet.

            If the app is confined (as this one is) you don't need to blindly trust that the package in the open store was compiled by the code that is linked, to be sure it doesn't phone home. If you know what to look for, you can download the .click package and examine the contents. The most important is the .apparmor file, which describes what permissions the package requests from the system.

            [screenshot of the package's .apparmor file]

            Here we see that this app is indeed confined, and it only declares the content_exchange policy group. This means that the app will not be able to access the network at all, because the networking policy group is not included in the apparmor.

            🇦🇼 🇳🇱 🇺🇸 🇪🇸
            Happily running Ubuntu Touch
            JingPad (24.04-1.x daily)
            OnePlus Nord N10 5G (24.04-2.x daily)
            PinePhone OG (20.04)
            Meizu Pro 5 (16.04 DEV)
            Google Pixel 3a

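One way to automate the check arubislander describes above, as an added example (not code from this thread, nor from the KeepassRX or OpenStore projects): it opens the .click container, which is assumed to follow the standard click layout of an `ar` archive whose data.tar.gz member carries the app's *.apparmor JSON files, lists each profile's policy groups, and flags whether the networking or webview groups (or an unconfined template) would let the app reach the network. The sample package it inspects is constructed inline.

```python
import io
import json
import tarfile
NETWORK_GROUPS = {"networking", "webview"}  # policy groups that grant network access

def ar_members(blob: bytes) -> dict:
    """Parse the classic `ar` container of a .click into {member name: bytes}."""
    assert blob[:8] == b"!<arch>\n", "not an ar archive"
    members, pos = {}, 8
    while pos + 60 <= len(blob):                 # 60-byte fixed header per member
        hdr = blob[pos:pos + 60]
        name, size = hdr[:16].decode().rstrip(" /"), int(hdr[48:58])
        members[name] = blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)            # member data is 2-byte aligned
    return members

def audit_click(blob: bytes) -> dict:
    """Summarise confinement for every *.apparmor file inside data.tar.gz."""
    report = {}
    data = ar_members(blob)["data.tar.gz"]
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tf:
        for m in tf.getmembers():
            if not m.name.endswith(".apparmor"):
                continue
            prof = json.load(tf.extractfile(m))
            groups = sorted(prof.get("policy_groups", []))
            confined = prof.get("template") != "unconfined"  # unconfined = no restrictions
            report[m.name.removeprefix("./")] = {
                "confined": confined,
                "policy_groups": groups,
                "network": not confined or bool(NETWORK_GROUPS & set(groups)),
            }
    return report

def build_sample_click(profiles: dict) -> bytes:  # constructed sample, not a real package
    tgz = io.BytesIO()
    with tarfile.open(fileobj=tgz, mode="w:gz") as tf:
        for name, prof in profiles.items():
            body = json.dumps(prof).encode()
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tf.addfile(info, io.BytesIO(body))
    def member(name: str, body: bytes) -> bytes:  # one ar header plus padded body
        hdr = f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(body):<10}`\n"
        return hdr.encode() + body + (b"\n" if len(body) & 1 else b"")
    return b"!<arch>\n" + member("debian-binary", b"0.4\n") + member("data.tar.gz", tgz.getvalue())

SAMPLE = build_sample_click({  # constructed: the thread's profile beside one that adds networking
    "keepassrx.apparmor": {"policy_groups": ["content_exchange"]},
    "browser.apparmor": {"policy_groups": ["networking", "webview"]}})
```

Pass the bytes of a downloaded .click to `audit_click` to get the same summary for a real package; a profile whose `network` flag is False cannot open sockets regardless of what the binary inside was compiled from.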
            • R Offline
              RandomUser @arubislander
              last edited by

              @arubislander Thanks for the information, something like this is what I was looking for.

              • Vlad NirkyV Online
                Vlad Nirky @RandomUser
                last edited by

                @RandomUser
                The guy is super motivated and the app is evolving very quickly. It has already caught up with Focal and promises to evolve even further.
                Really great!

                • K Offline
                  kugiigi
                  last edited by

                  To be fair, this is a valid concern. I wonder if it's a good idea to notify users when an app update changes or adds new apparmor policy in the new version.

                  • arubislanderA Offline
                    arubislander @kugiigi
                    last edited by

                    @kugiigi Was not saying the concern is not valid. Was saying it can be assuaged, and showing how. The permissions requested are also listed in the Open Store itself.

                    But you do raise a good point. Maybe like a dialog box listing the new permissions that are requested since the last update, which gives the option to proceed or cancel.

                    🇦🇼 🇳🇱 🇺🇸 🇪🇸
                    Happily running Ubuntu Touch
                    JingPad (24.04-1.x daily)
                    OnePlus Nord N10 5G (24.04-2.x daily)
                    PinePhone OG (20.04)
                    Meizu Pro 5 (16.04 DEV)
                    Google Pixel 3a

                    • klhK Offline
                      klh @t12392n
                      last edited by

                      @t12392n said in App security (new KeepassRX app):

                      A local Keepass should not talk to the internet.

                      Where did you get the idea that it does?

                      @arubislander said in App security (new KeepassRX app):

                      If the app is confined (as this one is) you don't need to blindly trust that the package in the open store was compiled by the code that is linked, to be sure it doesn't phone home. If you know what to look for, you can download the .click package and examine the contents.

                      All versions of OpenStore also show the permissions list and that should be the first thing people check; can't expect non-technical users to unpack clicks before installation.

                      Kind of related, we should probably update the popup when you install from a local .click file to show more info and definitely show permissions.

                      • arubislanderA Offline
                        arubislander @klh
                        last edited by

                        @klh said in App security (new KeepassRX app):

                        All versions of OpenStore also show the permissions list and that should be the first thing people check; can't expect non-technical users to unpack clicks before installation.

                        Fully agreed. But RandomUser did not strike me as someone who would necessarily trust second hand information. So I showed a way they could check for themselves.

                        🇦🇼 🇳🇱 🇺🇸 🇪🇸
                        Happily running Ubuntu Touch
                        JingPad (24.04-1.x daily)
                        OnePlus Nord N10 5G (24.04-2.x daily)
                        PinePhone OG (20.04)
                        Meizu Pro 5 (16.04 DEV)
                        Google Pixel 3a

                        • R Offline
                          RandomUser @Vlad Nirky
                          last edited by

                          @Vlad-Nirky said in App security (new KeepassRX app):

                          @RandomUser
                          The guy is super motivated and the app is evolving very quickly. It has already caught up with Focal and promises to evolve even further.
                          Really great!

                          I'm not denying that; I can see the progress and appreciate all the work he's doing, genuinely. But you give the app access to all your passwords, so I don't think it's unreasonable to be a bit cautious.

                          • Vlad NirkyV Online
                            Vlad Nirky @RandomUser
                            last edited by

                            @RandomUser
                            Yes, of course.
                            That's already what I do with KeepassXC on my PC.
                            My choice is to do it locally and not on the Bitwarden or Dashlane web servers.
                            Most of them have MFA.
                            I understand your concern about having a clear view of what the application can use.
                            And Maciek's idea of blocking installation until we accept a change in the permissions granted seems excellent to me.

                            • t12392nT Offline
                              t12392n @arubislander
                              last edited by t12392n

                              @arubislander said in App security (new KeepassRX app):

                              @t12392n said in App security (new KeepassRX app):

                              I wish there was a strict firewall native in Ubuntu Touch so that we would see and control what is allowed to talk. A local Keepass should not talk to the internet.

                              If the app is confined (as this one is) you don't need to blindly trust that the package in the open store was compiled by the code that is linked, to be sure it doesn't phone home. If you know what to look for, you can download the .click package and examine the contents. The most important is the .apparmor file, which describes what permissions the package requests from the system.

                              Admittedly, I am lacking a full understanding of how this .click system works, nor do I have a deep understanding of how AppArmor works, so I am at a disadvantage.

                              But thanks for the note, I will need to read up on both .click packages!

                              @klh said in App security (new KeepassRX app):

                              @t12392n said in App security (new KeepassRX app):

                              A local Keepass should not talk to the internet.

                              Where did you get the idea that it does?

                              My mistake, I should have been more clear that it was an example case: a password app should never need to talk with the internet, which, believe it or not, is common with apps on the Google Play store.

                              Samsung Fold5
                              will switch to
                              Volla Quintus UT 24.04-1

                              • pparentP Offline
                                pparent
                                last edited by pparent

                                @arubislander @RandomUser
                                It could be a nice idea to allow the openstore to build the app itself:

                                - The developer provides the repository with the clickable app (github, gitlab, etc.)
                                - The openstore builds the app when the developer wants to publish a new version, and publishes it alongside the source tarball.

                                It would increase the level of trust.

                                • arubislanderA Offline
                                  arubislander @pparent
                                  last edited by

                                  @pparent That would mean that only open source projects would be allowed into the Open Store. While I am not opposed to that per se, that has never been the premise of the Open Store.

                                  🇦🇼 🇳🇱 🇺🇸 🇪🇸
                                  Happily running Ubuntu Touch
                                  JingPad (24.04-1.x daily)
                                  OnePlus Nord N10 5G (24.04-2.x daily)
                                  PinePhone OG (20.04)
                                  Meizu Pro 5 (16.04 DEV)
                                  Google Pixel 3a

                                  • pparentP Offline
                                    pparent @arubislander
                                    last edited by pparent

                                    @arubislander

                                    No, this would be an optional option to get the badge "Built by openstore" (or whatever it is called).

                                    • arubislanderA Offline
                                      arubislander @pparent
                                      last edited by arubislander

                                      @pparent Oh, I see. I didn't get the optional part initially.

                                      🇦🇼 🇳🇱 🇺🇸 🇪🇸
                                      Happily running Ubuntu Touch
                                      JingPad (24.04-1.x daily)
                                      OnePlus Nord N10 5G (24.04-2.x daily)
                                      PinePhone OG (20.04)
                                      Meizu Pro 5 (16.04 DEV)
                                      Google Pixel 3a

                                      • poVoqP Offline
                                        poVoq @pparent
                                        last edited by

                                        @pparent an alternative app store more akin to f-droid that only allows open-source apps and builds them itself would be also good.

                                        Fairphone 5 (Not yet installed UT on it though)

                                        • G Offline
                                          gpatel-fr @poVoq
                                          last edited by

                                          @poVoq

                                          How about ...f-droid? Following the news, they seem not to be entirely happy with Google just now. Technically it remains to be seen how complex it would be for them to build native UT apps, and how complex it would be for UT to allow native app installation from a waydroid app, of course, something about which I have no idea 🙂

                                          • pparentP Offline
                                            pparent @poVoq
                                            last edited by

                                            @poVoq

                                            There is already waydroid, libertine, snap; I think maybe we don't need an alternative store to make things even more complicated! 😅

                                            • poVoqP Offline
                                              poVoq @pparent
                                              last edited by poVoq

                                              @pparent Waydroid and libertine aren't app distribution channels and snaps are just terrible (and centralized with a proprietary backend).

                                              Maybe if there was proper Flatpak support in UT, but that still wouldn't give us click-packages.

                                              Fairphone 5 (Not yet installed UT on it though)
