Android Passwords are stored in plain text on Disk
A Android user complain that , All passwords are stored in plane text on Disk via a message on discussion board of Android.
He said "The password for email accounts is stored into the SQLite DB which in turn stores it on the phone's file system in plain text.Encrypting or at least transforming the password would be desirable."
He said "The password for email accounts is stored into the SQLite DB which in turn stores it on the phone's file system in plain text.Encrypting or at least transforming the password would be desirable."
On this Android Support "Andy Stadler" Reply that :
Hello-
Thanks for the information and the feedback on this concern.
First, I would like to reiterate the notes made by a couple of you, which is to remind users that if you are concerned about this issue, *please* simply click the star. Every time you respond "please fix" or "should be fixed!" it sends email to over 200 people.
Second, please know that we take information security very seriously, and this is baked into the Android platform at multiple levels.
Now, with respect to this particular concern. The first thing to clarify is that the Email app supports four protocols - POP3, IMAP, SMTP, and Exchange ActiveSync - and with very few, very limited exceptions, all of these are older protocols which require that the client present the password to the server on every connection. These protocols require us to retain the password for as long as you wish to use the account on the device. Newer protocols don't do this - this is why some of the articles have been contrasting with Gmail, for example. Newer protocols allow the client to use the password one time to generate a token, save the token, and discard the password.
I urge you to review the article linked to in comment #38, which is well-written and quite informative. It provides some very good background on the difference between "obscuring" passwords, and making them truly "secure". Simply obscuring your password (e.g. base64) or encrypting it with a key stored elsewhere will *not* make your password or your data more secure. An attacker will still be able to retrieve it.
(In particular, some claims have been made about some of the other email clients not storing the password in cleartext. Even where this is true, it does not indicate that the password is more secure. A simple test: if you can boot up the device and it will begin receiving email on your configured accounts, then the passwords are not truly secure. They are either obfuscated, or encrypted with another key stored somewhere else.)
To the author of comment #44: If you can obtain *any* data from files in /data/data/* on a non-rooted device, this is a security problem in the device, not a bug in the Email program. I urge you to contact our security team and provide more information (details here: https://developer.android.com/guide/appendix/faq/security.html)
Having said all this - rest assured, I am not closing this bug. We recognize that this is causing concern for some users, and we're going to look at identifying steps that can make your data more secure.
Andy Stadler
stadler@android.com
Every User Request to Fix this Problem as soon as Possible. We hope via this article of THN , other Security experts will also share their review and solutions with Us and Google :)
