• XDA Forums have been migrated to XenForo. We are aware of several issues including missing threads, logins not working, and more. To discuss, use this thread.
  • If you are experiencing issues logging in, we moved to a new and more secure software and older account passwords were not able to be migrated. We recommend trying to reset your password, then contacting us if there are issues.

[APP][4.0+] Andrognito 3 - Hide Files, Photos, Videos Easily & Securely in Android

What Android version are you using?


  • Total voters
    0

aritraroy

New member
Jun 13, 2013
488
241
0
Kolkata
blog.aritraroy.in
Hello aritraroy,

Thank you for your great app. I wanted to give you some feedback on your app.

I have found a little annoyance in the first register and vault creation function, on CM12.1 its possible to put <enter> in the input fields.
To switch between those fields i have to escape the keyboard, maybe its nicer to use the <enter> to escape from the input boxes.

Thats it for now, thanks again.
Thank you for your appreciation. This suggestion is really a very nice one. We have taken it and have updated the app in the latest version.

Do check it out and let us know if this is what you had wanted. :)

We are also looking for some more killer feedback and suggestions from you. Thanks in advance. :eek:
 

aritraroy

New member
Jun 13, 2013
488
241
0
Kolkata
blog.aritraroy.in
I copied the whole Andrognito file to my sd before wiping my device. When TB didn't work, I deleted the app and tried by copying the files over, exactly as you said. Still when I open the app, it says I have 3 files in my vault, but only shows two. It says everything is correctly restored, but they are not. It's no big loss on my end, I was really just testing this out. But if I there is no sure fire way to restore a vault after switching devices or roms, I can't do much with this app. Any idea what went wrong? All three picture files are there in my folder, I just can only look at two.
Thanks for bringing this into my notice. I have also got some info from other users who are regularly switching ROMS and had no problems with this app.

The only thing possible is that somehow, one of the 3 files have been corrupted or tampered or changed in the middle of changing ROMs. Andrognito have been programmed in such a way so that it will only take those files into consideration which have not been tampered in any way. Just to maintain security and prevent malicious data injection.

I would recommend you to test this with some other test files and see if you can reproduce this. Please bring this into my notice if you find anything good. Thanks again.

Btw, how are you liking the overall app? :)
 

DrRuckingFetard

New member
Sep 5, 2013
124
14
0
Sydney
Just installed Andrognito and bought the premium version, after adding a bunch of files to 3 vaults, whenever i try to switch vaults it keeps coming up with wrong pin error, although I haven't made a typo and it now refuses to show all files on startup when opening the app so now i've lost access to many files that it now won't open, not happy :(

edit: this is on my Nexus 5 running Dirty Unicorns, kitkat 4.4.4
 

DrRuckingFetard

New member
Sep 5, 2013
124
14
0
Sydney
installed and tried the same thing on my Nexus 7 2013 running Lollipop 5.1 Dirty Unicorns and the same thing happens when trying to switch vaults in the side pane, consistently saying wrong pin for both vaults when it's the same PIN i used to open the app
 

Attachments

d0pecr4wler

New member
Apr 1, 2012
380
106
0
City 17
Hmm... that sounds weird.
Normally my vaults are kept open for quick access,
so they don't have a pin code.

But I created two test-vaults, one w/ the same pin as my login pin
and the second one w/ a complete different pin.
I gain access to both of 'em w/o any problems,
the app prompts me to type in the pin, I do so
and it opens the vault, so I can't repdroduce that behaviour.

Here you can see it.

Going from the first vault (test_00) into the second one (test_01).
And going back from the second vault into the first one.
 

Attachments

aritraroy

New member
Jun 13, 2013
488
241
0
Kolkata
blog.aritraroy.in
Just installed Andrognito and bought the premium version, after adding a bunch of files to 3 vaults, whenever i try to switch vaults it keeps coming up with wrong pin error, although I haven't made a typo and it now refuses to show all files on startup when opening the app so now i've lost access to many files that it now won't open, not happy :(

edit: this is on my Nexus 5 running Dirty Unicorns, kitkat 4.4.4
I can absolutely understand your problem. Even I myself would have been irritated if I would have faced this kind of a problem in my first try.

But I can assure you that this is not the way the app is supposed to work and I have not got any reports of anyone having this particular problem. But don't worry I would surely try to help you on this.

1) Please ensure that you are using the latest version of the app from Play Store, that is 2.0.14.

2) I m sure that this is not a bug in the app and I can also understand that its not a typo while entering the PIN. The only thing that have happened is that while creating the Vault you may have mistakenly made a typo. So now everytime you try to switch Vaults, you are getting this error.

3) Your files are safe, do not worry. You can go to Settings > Vault Settings > Change PIN option. Just select any Vault and change the PIN and now try to open that Vault with the new PIN. It should surely work.

4) I can also give you a nice trick. You can open the "Change Vault PIN" dialog and then without entering any PIN just hit "DONE". It will clear any existing PIN and make the Vault open for quick access.

Please try these and let me know if you still have any problem. I would love to help you on this further. :)
 
  • Like
Reactions: DrRuckingFetard

DrRuckingFetard

New member
Sep 5, 2013
124
14
0
Sydney
I can absolutely understand your problem. Even I myself would have been irritated if I would have faced this kind of a problem in my first try.

But I can assure you that this is not the way the app is supposed to work and I have not got any reports of anyone having this particular problem. But don't worry I would surely try to help you on this.

1) Please ensure that you are using the latest version of the app from Play Store, that is 2.0.14.

2) I m sure that this is not a bug in the app and I can also understand that its not a typo while entering the PIN. The only thing that have happened is that while creating the Vault you may have mistakenly made a typo. So now everytime you try to switch Vaults, you are getting this error.

3) Your files are safe, do not worry. You can go to Settings > Vault Settings > Change PIN option. Just select any Vault and change the PIN and now try to open that Vault with the new PIN. It should surely work.

4) I can also give you a nice trick. You can open the "Change Vault PIN" dialog and then without entering any PIN just hit "DONE". It will clear any existing PIN and make the Vault open for quick access.

Please try these and let me know if you still have any problem. I would love to help you on this further. :)
1) yep latest app from the Play Store (2.0.14) on both devices, just downloaded it a few hours ago.

2) I've created several vaults on 2 different devices and the same thing happens on both, consistently saying wrong pin when switching vaults and not showing all files when clicking "Files" in the side pane.

3) Yep i know the files are safe and still there, the only problem was decrypting/being able to access them :p
I tried changing the PIN through the vault settings, to PINs such as 0000 to avoid any possible typo and still have the same error.

4) Changing the vault PIN to blank now finally makes the vaults accessible again, but makes them insecure so anyone can open the app.. now using the TimelyPIN feature as a work around for my problem, removing all individual vault PINs while still requiring a PIN upon startup :)

thanks for the help, strange this is happening on 2 devices while no one else has encountered this :confused:
 

Sachitoge

New member
Nov 16, 2014
112
25
0
Aaand here i came back after using it frequently, here is what i got.

My Suggestion is implementing asap the app data folder (i mean main files like vault inside, database, backups like auto backup) being asap able to move on external sd card. Its bad to have only Vault in SD card, because if i loose or if my device broke, i wont be able to get my files back without database + pin code (cuz without database, u know the encrypted file will be a piece of junk without it, get it?). Being able for move could be done for already now! Just tag it as highly-experimental (due kitkat and lolipop sd card permission rules, it needs root to unlock SD card Permission). Just claim it u too! U cant have access by finding a secrity-hole and use it, even so, it would be risky, just tag it for advanced ROOT users so we, paid users can safely use app to store pictures without living in fear of phone getting damaged (like drops etc). Its not just pics, but even files are so, and im really afraid of it getting unable to decrypt it, you should know it, we need the main Andrognito2 folder in external SD card.

And I spotted issue.
It happens when app is hidden among other apps, thus i use google search to find the app and launch.
And on CM12, the expermental feature app launching from dialer is not working (have modifier on).

I am using CM12 18 april nightly build 5.0.2 Android version.
As of crash i mentioned above, it's when i go to menu and select something from the menu, then it crashes. Other than that, it is fine and works good to go in vault and browse it.

Thanks

I hope you add it for us advanced root users, with ability to choose it in app! (Not inbuilt app data mover which is sucky)
OP, u should already know its super risky if a device fails when sd cards are alot more durable! Thanks!
P.S: as u may know, SanDisk made 200GB MicroSD card (i think its not yet to sale). I hope you understand how much better it is to use those space =))


I found a way for well known root users that can solve their own poblems themself a way to safely store all your Andrognito encrypted files into SD Card while being encrypted too! I am using FolderMount (ROOT App) that let's me create a custom source file being able to bind with a folder in SD Card. I binded the /storage/emulated/0/Andrognito2/Vaults (dunno if i spelled right) to /storage/sdcard1/Andrognito2/Vaults. It works brilliant! Both Encryption and Decryption hassle-free! During decryption, it gets the file back to Internal Storage back (In Andrognito2 folder). As of problems, so far i only found if you fail to mount it, the vault gets corrupted with a message popping that it's corrupted, so if you're going to do it now, make sure always it's binded by going into app.
For now, the app is a PAID app! (it's free, but this function of the app is paid with a in-app billing one-time payment, and yes supports FEW Lolipop devices including S5 5.0 ROM and AOSP ORIGINAL ROMS example most or maybe all of the Google devices similar to Nexus model).
If you got a better way that is free, it's very nice from you to share it here for users here to experience this while the OP makes it fully available for external SD Card.
Ahemm there is a function in Lucky Patcher app that does same thing, but it was VERY hard to figure out how it really worked, so i just couldnt do it and sticked with this app.

Now let's move to risks, there is a big risk because all the database is in your phone itself, and thus if your phone fails, your encrypted files are gone too! if you factory reset (sometimes if ur lucky it wont get removed, so was for me at least) there is a chance you might lose the database. If you do hard reset (flashing new ROM) you'll loose it. I am manually backing it up! do it like me, backup the database, but never bind it! if you bind all Andrognito2 Folder, during decryption, your files will just get immediately deleted since it doesn't properly decrypting it (just dont bind Andrognito2 folder, you'll be fine then).


Got anything wondering? hit me up im glad to answer your question about this if you got anything.

Aaand one more thing OP, the file is not readable as .jpeg format (i couldnt test it ever since last update you pushed if it reads .jpeg image file format, cuz my device bootlooped and kabooom i lost all my files including jpg and jpeg, luckily i had them on cloud haha).

Aaand last thing is .gif which doesn't support .gif playback (shows as a normal picture. It's handy to keep some .gif ;) if u know what i mean mwahahaha :) )
 

pulser_g2

Admin Emeritus / Senior Recognized Developer
Nov 27, 2009
19,538
11,594
0
I saw this on the portal, and figured it was worth a look at, since it's claiming to be secure, and is closed source... Closed source security software is always something you should be very skeptical of, due to Kerchoff's Principle. It basically states that a cryptosystem should be secure, even when the entireity of it is known to the attacker, with the exception of the key. Anyway, alas it wasn't necessary to have the source code to break this app... Let's take a look at the claims


Don't worry about your private and important files falling into the wrong hands?


Very valid concern that people have. Lots of people do. This sounds good so far.

Andrognito hides and encrypts any type of file with military-grade encryption with one of the fastest and most secure encryption algorithm ever.
Ooh, military grade encryption... Let's start counting how many times this is claimed... That's 1! This sounds interesting, except that hiding is not encryption. Hiding is a form of steganography. Encryption is the algorithmic modification of data, based on a key, so it can't be recovered without that key. But anyway, let's keep on going - this claims to be one of the "most secure encryption algorithms" ever... That's a bold claim, though I suspect this refers to AES.

It is one of the best way to hide files in Android.
Another big claim... Let's see shall we, rather than getting ahead of ourselves?


Perfectly suitable for all kinds of users, from teenagers to corporate personnel. Andrognito can hide and encrypt any kind of file into its secure vault with amazing speed. The Vaults are virtually breakable, thanks to its military-grade encryption algorithm.
Oh wow, this is good for corporate users, and it's military-grade crypto (count 2!)... That's a bold claim... This really must be ULTRA secure...


★ Uses military-grade AES 256bit encryption algorithm
★ Blazing fast encryption and decryption speed

Count 3 now... They are REALLY confident about their encryption here!


So... guesses as to how long it took me to break this? Under 3 minutes...

Here's how (instructions for Linux)... Install the app, set it up with an account. Make a vault, and put a file into it. Encrypt it up. Close the vault and leave the app.

adb pull /sdcard/Andrognito2/
(now you have all the files from the SD card directory on your PC)
sqlite3 Backups/files_VAULTNAME_new
SELECT * FROM FILES_MAIN;

1|ADG_mine|com.codexapps.andrognito.apk|4bd074e9-4225-4252-899d-7f5cea989aec|/storage/sdcard0/com.codexapps.andrognito.apk|other|false|5760734


(this shows you the raw filenames and paths of the encrypted files... Not so hidden after all? The "hidden" filename was the 4bd0... part, and the original filename was this app's APK name)

OK, so that's just a leak of the filename, right? Wrong...
type ".quit" to exit sqlite
sqlite3 Backups/vault_
VAULTNAME_ne
SELECT * FROM VAULT_MAIN;

You'll see something like this:

1|ADG_mine|mine|7979|2222|false|true

Yeah... 2222 was my PIN... "mine" was the vault name... Oh dear!


If you like the app, please give us a 5 star rating. It won't take more than a minute. :)

Ehhh... no thanks... A 5 star rating? You'd be lucky to NOT get legal summons for false representation and mis-selling of this tool...

Also, the encryption here is woefully weak, since it's based on a 4 digit PIN... Meaning 10,000 possible combinations of password. There's an option to wipe your data after N wrong passwords... So just dump the files off, and try it many times... Come on...

I didn't even look at the encryption used, since the above didn't fill my with much confidence at all! Why bother, when the PIN is there to see for all? I hope the encryption keys for the files are actually encrypted with the PIN (not that it will help, since the PIN is low entropy).

Folks... Be careful here... Just because something says "military grade security" and looks flashy, doesn't make it secure... Even if you say this is secure three times... This is simply NOT secure... Do NOT use it. It can't be secure, using a 4 digit PIN, unless it uses such a lengthy key derivation function to make it impossible to brute force 10,000 PINs... To make that impossible, it would mean unlocking the vault would take several days... (someone can wait a few years to get your files if they are valuable commercial documents).

OP, you should be ashamed at your claims of this being secure, and the "most secure" and whatnot. Very, very ashamed.
 

jerdog

Admin Emeritus - Purveyor of word nuggets
May 17, 2007
8,170
7,154
0
Gallifrey
I saw this on the portal, and figured it was worth a look at, since it's claiming to be secure, and is closed source... Closed source security software is always something you should be very skeptical of, due to Kerchoff's Principle. It basically states that a cryptosystem should be secure, even when the entireity of it is known to the attacker, with the exception of the key. Anyway, alas it wasn't necessary to have the source code to break this app... Let's take a look at the claims




Very valid concern that people have. Lots of people do. This sounds good so far.



Ooh, military grade encryption... Let's start counting how many times this is claimed... That's 1! This sounds interesting, except that hiding is not encryption. Hiding is a form of steganography. Encryption is the algorithmic modification of data, based on a key, so it can't be recovered without that key. But anyway, let's keep on going - this claims to be one of the "most secure encryption algorithms" ever... That's a bold claim, though I suspect this refers to AES.



Another big claim... Let's see shall we, rather than getting ahead of ourselves?




Oh wow, this is good for corporate users, and it's military-grade crypto (count 2!)... That's a bold claim... This really must be ULTRA secure...


Count 3 now... They are REALLY confident about their encryption here!


So... guesses as to how long it took me to break this? Under 3 minutes...

Here's how (instructions for Linux)... Install the app, set it up with an account. Make a vault, and put a file into it. Encrypt it up. Close the vault and leave the app.

adb pull /sdcard/Andrognito2/
(now you have all the files from the SD card directory on your PC)
sqlite3 Backups/files_VAULTNAME_new
SELECT * FROM FILES_MAIN;

1|ADG_mine|com.codexapps.andrognito.apk|4bd074e9-4225-4252-899d-7f5cea989aec|/storage/sdcard0/com.codexapps.andrognito.apk|other|false|5760734


(this shows you the raw filenames and paths of the encrypted files... Not so hidden after all? The "hidden" filename was the 4bd0... part, and the original filename was this app's APK name)

OK, so that's just a leak of the filename, right? Wrong...
type ".quit" to exit sqlite
sqlite3 Backups/vault_
VAULTNAME_ne
SELECT * FROM VAULT_MAIN;

You'll see something like this:

1|ADG_mine|mine|7979|2222|false|true

Yeah... 2222 was my PIN... "mine" was the vault name... Oh dear!

Ehhh... no thanks... A 5 star rating? You'd be lucky to NOT get legal summons for false representation and mis-selling of this tool...

Also, the encryption here is woefully weak, since it's based on a 4 digit PIN... Meaning 10,000 possible combinations of password. There's an option to wipe your data after N wrong passwords... So just dump the files off, and try it many times... Come on...

I didn't even look at the encryption used, since the above didn't fill my with much confidence at all! Why bother, when the PIN is there to see for all? I hope the encryption keys for the files are actually encrypted with the PIN (not that it will help, since the PIN is low entropy).

Folks... Be careful here... Just because something says "military grade security" and looks flashy, doesn't make it secure... Even if you say this is secure three times... This is simply NOT secure... Do NOT use it. It can't be secure, using a 4 digit PIN, unless it uses such a lengthy key derivation function to make it impossible to brute force 10,000 PINs... To make that impossible, it would mean unlocking the vault would take several days... (someone can wait a few years to get your files if they are valuable commercial documents).

OP, you should be ashamed at your claims of this being secure, and the "most secure" and whatnot. Very, very ashamed.
 

darKpoiSonend

New member
Jul 24, 2011
235
44
0
fingerprint?

Hi, I've been using Andrognito for quite a while now and I really like it!

It's beautifully designed and easy to use, however since I finally got my Galaxy S6 Edge I was wondering if it would be possible to implement the fingerprint sensor as a means for authentication?

I've searched the thread for anything related to fingerprints but couldn't find anything.
If there is already something related to this then please excuse me for not finding it.

Awesome work!
 
  • Like
Reactions: aritraroy

aritraroy

New member
Jun 13, 2013
488
241
0
Kolkata
blog.aritraroy.in
I saw this on the portal, and figured it was worth a look at, since it's claiming to be secure, and is closed source... Closed source security software is always something you should be very skeptical of, due to Kerchoff's Principle.
First of all, I would like to thank you for taking a look at this app and giving your valuable suggestions. I would not take this as a criticism or anything bad. It was my pleasure to get some feedback from such a recognized developer like you (even if it is not so sweet for me).

I am not trying to make any false claims here nor trying to wrongfully misguide my users in any way. I think there was some kind of misunderstanding and I would try to explain you some things and hope you will cooperate. :)

Ooh, military grade encryption... Let's start counting how many times this is claimed
Actually, by "military-grade encryption" we were referring to AES. We didn't use any weak algorithm created by ourselves where their is such a powerful and secure algorithm like AES 256-bit in CTR used by many military and security organizations. I m not trying to falsely represent any information here. :)

Hiding is a form of steganography. Encryption is the algorithmic modification of data, based on a key, so it can't be recovered without that key.
Yes, absolutely. I know about steganography and have worked on it too on other projects. But in this app, by "hiding" we mean that when a particular file is encrypted then there is neither any trace of the original file anywhere in the Android filesystem nor any app (like Gallery, File Manager) that can find it. That is why it gets "hidden" from the device and can not be recovered other than this app. I hope I am not making any false claims here. :)

Here's how (instructions for Linux)... Install the app, set it up with an account. Make a vault, and put a file into it. Encrypt it up. Close the vault and leave the app.
Yes, this is a loophole that you found out and I would like to thank you for it. Actually, the database is not encrypted and that's why the information could be retrieved. But that doesn't decrypt the file in any way. The filename that you found was actually that of the encrypted files.

But the files are still encrypted using AES and hidden from the filesystem, right? It is not like many other apps which take a file and puts a "dot" in front of the filename to hide it.

Those files that you found contain the raw encrypted data and the encrypted thumbnails. But we will be fixing this loophole too by encrypting the database. So there would be no other way to get this information too. :)

Also, the encryption here is woefully weak, since it's based on a 4 digit PIN
Actually, the 4-digit PIN is used to access the app. You can't also do a brute-force on this as it will lock the app after a certain number of failed attempts. If you check that all information in the Shared Preferences are encrypted too so there is no way to get data from there. We just need to encrypt the contents of the databases too.

I would still like to thank you for giving such an in-depth insight into the app and giving me a chance to improve it. I have no intention to falsely claim anything or deceive any of my users. Nothing is perfect, and there is always a chance to improve it. I am glad that I got that chance from you. Thank you so very much :)
 

aritraroy

New member
Jun 13, 2013
488
241
0
Kolkata
blog.aritraroy.in
Hey ho,
you app keeps gettin' better and better.

#1 Sorting works perfectly now.

#2 Yeah. :D

#3 It was a task killer, whitelisted the app and now it's working normal.

The gallery/swipe feature is awesome.
Only »problem«, that isn't a real problem at all,
is, that if I open a picture it takes ~6 seconds to close tge picture after I tapped the back button, but maybe it's my phone being too old (Galaxy S3).

That's the only thing I've encountered by now,
the app works like a charm, i love it. ;)

. : Sent via Samsung Galaxy S3 w/ Tapatalk : .
Thanks a lot for trying out the new features and confirming that everything is working fine n your side. :)

1. That's great. This was a much demanded feature and its now here. Did you ever face any crash while choosing any of the sorting options? Some people have reported and I am clueless.

3. As I had guessed. This is the only way Invisible Mode can be stopped. So this problem is also solved.

The swipe-gallery feature is actually designed to work as smooth as possible?

1. Did you face any lag while swiping from one picture to the other?
2. What was the original size of the picture which made you experience the ~6 seconds lag while pressing the back button?

This may help me understand the problem better and to optimize if possible.

Thanks for your cooperation all the time. Glad to have some really cooperating users like you. :)
 

ravian29

New member
Jan 23, 2011
1,849
1,872
0
Does it matter?
Thanks for showing support here. Btw, did you find time to check the latest version of he app which addresses a lot of bugs and enhancements. Would love to hear back from you? :)
Its working great really appriciate your hard work, no problems here with the app. can you please add fingerprint authantication as well ? It would really be helpful for users having devices with fingerprint scanners.
 
  • Like
Reactions: aritraroy

aritraroy

New member
Jun 13, 2013
488
241
0
Kolkata
blog.aritraroy.in
Hmm... that sounds weird.
Normally my vaults are kept open for quick access,
so they don't have a pin code.

But I created two test-vaults, one w/ the same pin as my login pin
and the second one w/ a complete different pin.
I gain access to both of 'em w/o any problems,
the app prompts me to type in the pin, I do so
and it opens the vault, so I can't repdroduce that behaviour.

Here you can see it.

Going from the first vault (test_00) into the second one (test_01).
And going back from the second vault into the first one.

Thanks a lot for confirming that you do not have this problem ever and cannot even reproduce it. I am still unsure why he had that problem. :(