[App][7.0+][Early Access] Truvark - modern file encryption

Search This thread
By:
Advanced…
lukaspieper

lukaspieper

Senior Member
Nov 26, 2018
128
220
Lenovo Thinkpad Tablet
Google Pixel 3
Truvark is a modern file encryption app for Android. You might be wondering why building another vault app as there are already a lot of options. The difference is that Truvark is built around security by design and privacy by default. To proof that I take that serious, this is an offline app, it does not have/requests Android's Internet permission. Features like cloud synchronization are not compatible with the mentioned paradigms. However, that does not mean that you cannot sync or backup your data through a third-party app (on your own risk). Read more about (unique) features below.

Play_Image_1.pngPlay_Image_2.pngPlay_Image_3.png

Features​

Multiple vaults​

You can create multiple vaults on your device. Any empty folder can become a vault. All your data remains on the shared device storage, means you can access the encrypted files from a file manager e.g. for backups.

This is a major difference to alternatives. Some apps don't even encrypt your files, they just move them to the app's internal storage. These often speak about "hiding data" instead of encrypting. Others using encryption still prohibit access. You fully rely on their export feature.

Deep folder structures​

Truvark is not an encrypted gallery that just lets you group your pictures into albums. It is a file encryption app providing full support for creating folders inside folders. You are not limited in organizing your files.

View encrypted files​

The aim is to be able to view common file types in the app. Currently supported are images, videos and audio. The decryption takes place "on the fly" means the required data is decrypted in memory while needed. This is especially important for long videos that would not fit into memory. The image viewer supports high-res pictures and shows more details when zooming in instead of becoming pixelated.

Here are more differences to alternatives to spot. While I analyzed a wide range of vault apps from multimillion downloads to open source ones I found many flaws. Apps decrypting the full file to disk before showing it, scarify performance and possibly put that file on a risk. Others don't encrypt thumbnails, just the original files.

Privacy by default​

To make it short this app has no Internet permission. There are no analytics, ads, telemetry or requirements for an account. However, there is an option for logging that is turned off by default. Logging is required to be able to help any user that has an issue with my app. The user needs to provide these logs, they are not automatically sent (what is technically impossible because of the missing Internet permission).

Security by design​

Truvark is using a component (library) for encryption that is built by Google engineers and used in Google Pay. It's called Tink and has the following promise:

A multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
Click to expand...
Click to collapse
The last part is important. In cryptography it is enough to get a single parameter wrong to make an encryption insecure. Therefor I decided to rely on a popular open source library.

Additionally, Argon2(id) is used for key derivation. It won the Password Hashing Competition back in 2015 and is one of the best (if not the best) algorithm for that task out there.

The cryptographic core of Truvark (the combination of both libraries) is open source and available on GitHub.

The database is a Realm database. Realm can feature encrypted databases and of course that is in use. I have seen a lot of vault apps without encrypted database during my analysis.

Furthermore, Truvark supports biometric (e.g. fingerprint) authentication for unlocking a single vault. That feature is backed by the Android Keystore and might not be available on devices even though they offer biometric authentication because a strong authentication is required that not every device supports.

Partly open source, fully in future​

As mentioned above the cryptographic core is already open source and available on GitHub. You can see that this is not my first open source project. Because I'm committed to open source, I plan to publish the full source code sometime in future. The idea is to do that when the app leaves early access but all in all I will do that when I think it's ready.

About development​

On the one hand I want to let you know that I'm a professional software developer and not coding as hobby only, on the other hand I have to put a disclaimer here that I'm not a cryptography expert. However this app was carefully build over time and not in a hastle. Although this app is in early access, it is not a prototype or minimal valuable product. Every release is going trough automated and manual tests. For the manual tests I'm using multiple devices. Nevertheless I'm not afraid to say that bugs can happen. I personally lost data using alternatives in the past, so I am very aware of that issue. Therefor this app stores many information redundant. For example in near future a corrupted or deleted database can be almost fully restored (only some information about the folder structure will be lost but you don't need to organize all files again). The app is already designed to support featues like this in future. Furthermore to backup your encrypted files all you need to do is copy the vault folder.

Upcoming features​

  • Move files and folders to different folders
  • Rename folders
  • Rename vault
  • Material3, followed by many UI and UX improvements
  • Performance improvements

Future plans​

  • Support more file types (like text and PDF)
  • Fully open source
  • Provide desktop clients (cross platform)

Download​

Download from Google Play
 
Last edited:
  • Like
Reactions: orb3000, rodken and Logan
lukaspieper

lukaspieper

Senior Member
Nov 26, 2018
128
220
Lenovo Thinkpad Tablet
Google Pixel 3
Changelog:

0.4.0:
  • Target Android 13
  • Handle new notification permission (first and only required permission)
  • Support themed icons (Android 13)
  • Update dependencies

0.3.2:
  • Replace prebuild Argon2 (used for password derivation) with own build from official source
  • Update various dependencies (including improvements to the in-app file presenter)

0.3.1:
  • Fix a bug during biometric setup
 
Last edited:
  • Like
Reactions: Logan
7

7h3DuD3

Member
Jun 16, 2013
25
13
Google Pixel 5
Thanks for this, I noticed in recents I did not have to relog in to open, pixel as far as I understand doesn't close recents and clearing them also doesn't actually end the process losing a security risk. Great app though!
 
lukaspieper

lukaspieper

Senior Member
Nov 26, 2018
128
220
Lenovo Thinkpad Tablet
Google Pixel 3
7h3DuD3 said:
Thanks for this, I noticed in recents I did not have to relog in to open, pixel as far as I understand doesn't close recents and clearing them also doesn't actually end the process losing a security risk. Great app though!
Click to expand...
Click to collapse
Hi,

many thanks for giving Truvark a try and for providing feedback. Indeed there is no mechanism automatically closing a vault or the app itself. Actually I spend a bunch of hours on this feature already and haven't found a solution yet that significantly improves security while keeping encryption/decryption/etc reliable.

You might have noticed that this app makes heavy use of background scheduling. Other apps show a dialog forcing you to wait while they encrypt one file after another, where Truvark runs encryption parallel in background and you still can view your already encrypted files. This is one of the reasons why the feature you mentioned is not available yet, closing a vault would cancel background operations that cannot be automatically started again when the vault is opened next time, because of storage permissions.

Truvark is completely build on Android's "new" storage design (that Google enforced in Android 10/11) by using the storage access framework (SAF).

Therefor I cannot grantee that automatically closing a vault will ever be available, however likely there will be at least a button to close a vault inside the app or maybe a login screen to prevent access to the UI while still having that vault open in background. Actually I’m planning bigger changes on how the vaults are opened with the goal to make it possible having multiple vaults open at the same time. During that process I will reevaluate if it is easier to implement that feature.
 
lukaspieper

lukaspieper

Senior Member
Nov 26, 2018
128
220
Lenovo Thinkpad Tablet
Google Pixel 3
@7h3DuD3 did my post answered your questions or are you looking for different information? Happy to answer any question or feedback.

May I ask you in case you regularly use a vault/encryption app what app you're using? What you like about it and what could be improved in your opinion?

Furthermore, I might be able to give insights about the security and privacy of alternative apps if they were part of my analysis. Hoping to analyze more vault apps soon, possibly on request.
 
7

7h3DuD3

Member
Jun 16, 2013
25
13
Google Pixel 5
Actually don't use one ever for more than a few days, however I've been using this for a bit and find it adequate. Perhaps a triggered deletion of the vault, say recieve an email or text, but I'm fairly certain tasker could do that or multiple other apps not to mention the security risk of having something like that poses a security risk in itself. But overall I'd say it's better then what I've used in the past and files I carry on my personal thumbdrive are vaulted which feels better knowing should I lose it my personal information won't just be in a .hiddenpasswords.txt file lol that's been the main thing is bs where they hide the file like no one's gonna see that or rename the extension with no encryption. I haven't tried a brute force, might be kinda fun to do. Suggestion, Better variety of file types *
 
Last edited:
lukaspieper

lukaspieper

Senior Member
Nov 26, 2018
128
220
Lenovo Thinkpad Tablet
Google Pixel 3
7h3DuD3 said:
I haven't tried a brute force, might be kinda fun to do.
Click to expand...
Click to collapse
Starting with your last sentence, I wish you good luck with that. Of course it depends on your password. Assuming you picked a good password (Truvark requires 8 character at the moment) brute force is by far the worst attack you could try. For hashing Argon2id is used with a configuration above the minimal recommendations by OWASP and for encryption Google's Tink library is used that "has been deployed in hundreds of products and systems" (quote from their readme file) including Google Pay.

I think you should try attacking the implementation instead of globaly used algorithms.
7h3DuD3 said:
Actually don't use one ever for more than a few days, however I've been using this for a bit and find it adequate. Perhaps a triggered deletion of the vault, say recieve an email or text, but I'm fairly certain tasker could do that or multiple other apps not to mention the security risk of having something like that poses a security risk in itself. But overall I'd say it's better then what I've used in the past and files I carry on my personal thumbdrive are vaulted which feels better knowing should I lose it my personal information won't just be in a .hiddenpasswords.txt file lol that's been the main thing is bs where they hide the file like no one's gonna see that or rename the extension with no encryption. I haven't tried a brute force, might be kinda fun to do. Suggestion, Better variety of file types *
Click to expand...
Click to collapse
Thanks that you overall seem to like my app. I don't plan to implement a remote deletion because I believe that strong cryptography does not need that. If you really want to build that yourself in a first step you could just delete the file with the name "vault". It contains a so called salt and the encrypted database key, without the file the attack surface is reduced (and you lose access to your files even with correct password btw).

Because you mentioned a thumb drive, that is one of the benefits of the new storage APIs. Truvark fully supports sdcards and external USB devices without workarounds or the need to move data manually from time to time. I have seen lots of vault apps with bad sdcard support.

What file support are you looking for? I plan GIFs, basic text files and PDFs next.
 
lukaspieper

lukaspieper

Senior Member
Nov 26, 2018
128
220
Lenovo Thinkpad Tablet
Google Pixel 3
0.3.2:
  • Replace prebuild Argon2 (used for password derivation) with own build from official source
  • Update various dependencies (including improvements to the in-app file presenter)

Development is currently a little slow or let's say less visible to users because of many under the hood changes. Furthermore, I'm waiting for improvements/new features in some dependencies. Next will be various improvements to the database. After that I plan to work on Material3 design.
 
lukaspieper

lukaspieper

Senior Member
Nov 26, 2018
128
220
Lenovo Thinkpad Tablet
Google Pixel 3
0.4.0:
  • Target Android 13
  • Handle new notification permission (first and only required permission)
  • Support themed icons (Android 13)
  • Update dependencies
Was quiet in the last months, also because I had little time, the development will progress much faster in the next weeks. I am still working on the replacement of the database implementation. Afterwards it goes on with the Material3 redesign that will come with many new features.
 
  • Like
Reactions: Logan
You must log in or register to reply here.

Similar threads

C
  • Locked
[APP]SuperOneClick v2.3.3 - Motorola Exploit Added!
Replies
7K
Views
16M
vanessaem
vanessaem
HootanParsa
[APP][2.2+] MiXplorer v6.x Released (fully-featured file manager)
Replies
41K
Views
7M
SulettaA
SulettaA
R
  • Locked
[APP] z4root
Replies
3K
Views
7M
TRusselo
TRusselo
Team Vanced
[APP][MOD][ROOT/NONROOT] Vanced
Replies
21K
Views
4M
M
Mat444
PerfectSlayer
[APP][ROOT/NONROOT][OFFICIAL] AdAway v6.0.3
Replies
17K
Views
6M
m0han
m0han

Top Liked Posts

24 Hours 30 Days All time
  • There are no posts matching your filters.
  • 1
    lukaspieper
    lukaspieper
    0.4.0:
    • Target Android 13
    • Handle new notification permission (first and only required permission)
    • Support themed icons (Android 13)
    • Update dependencies
    Was quiet in the last months, also because I had little time, the development will progress much faster in the next weeks. I am still working on the replacement of the database implementation. Afterwards it goes on with the Material3 redesign that will come with many new features.
    View
  • 3
    lukaspieper
    lukaspieper
    Truvark is a modern file encryption app for Android. You might be wondering why building another vault app as there are already a lot of options. The difference is that Truvark is built around security by design and privacy by default. To proof that I take that serious, this is an offline app, it does not have/requests Android's Internet permission. Features like cloud synchronization are not compatible with the mentioned paradigms. However, that does not mean that you cannot sync or backup your data through a third-party app (on your own risk). Read more about (unique) features below.

    Play_Image_1.pngPlay_Image_2.pngPlay_Image_3.png

    Features​

    Multiple vaults​

    You can create multiple vaults on your device. Any empty folder can become a vault. All your data remains on the shared device storage, means you can access the encrypted files from a file manager e.g. for backups.

    This is a major difference to alternatives. Some apps don't even encrypt your files, they just move them to the app's internal storage. These often speak about "hiding data" instead of encrypting. Others using encryption still prohibit access. You fully rely on their export feature.

    Deep folder structures​

    Truvark is not an encrypted gallery that just lets you group your pictures into albums. It is a file encryption app providing full support for creating folders inside folders. You are not limited in organizing your files.

    View encrypted files​

    The aim is to be able to view common file types in the app. Currently supported are images, videos and audio. The decryption takes place "on the fly" means the required data is decrypted in memory while needed. This is especially important for long videos that would not fit into memory. The image viewer supports high-res pictures and shows more details when zooming in instead of becoming pixelated.

    Here are more differences to alternatives to spot. While I analyzed a wide range of vault apps from multimillion downloads to open source ones I found many flaws. Apps decrypting the full file to disk before showing it, scarify performance and possibly put that file on a risk. Others don't encrypt thumbnails, just the original files.

    Privacy by default​

    To make it short this app has no Internet permission. There are no analytics, ads, telemetry or requirements for an account. However, there is an option for logging that is turned off by default. Logging is required to be able to help any user that has an issue with my app. The user needs to provide these logs, they are not automatically sent (what is technically impossible because of the missing Internet permission).

    Security by design​

    Truvark is using a component (library) for encryption that is built by Google engineers and used in Google Pay. It's called Tink and has the following promise:

    A multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
    Click to expand...
    Click to collapse
    The last part is important. In cryptography it is enough to get a single parameter wrong to make an encryption insecure. Therefor I decided to rely on a popular open source library.

    Additionally, Argon2(id) is used for key derivation. It won the Password Hashing Competition back in 2015 and is one of the best (if not the best) algorithm for that task out there.

    The cryptographic core of Truvark (the combination of both libraries) is open source and available on GitHub.

    The database is a Realm database. Realm can feature encrypted databases and of course that is in use. I have seen a lot of vault apps without encrypted database during my analysis.

    Furthermore, Truvark supports biometric (e.g. fingerprint) authentication for unlocking a single vault. That feature is backed by the Android Keystore and might not be available on devices even though they offer biometric authentication because a strong authentication is required that not every device supports.

    Partly open source, fully in future​

    As mentioned above the cryptographic core is already open source and available on GitHub. You can see that this is not my first open source project. Because I'm committed to open source, I plan to publish the full source code sometime in future. The idea is to do that when the app leaves early access but all in all I will do that when I think it's ready.

    About development​

    On the one hand I want to let you know that I'm a professional software developer and not coding as hobby only, on the other hand I have to put a disclaimer here that I'm not a cryptography expert. However this app was carefully build over time and not in a hastle. Although this app is in early access, it is not a prototype or minimal valuable product. Every release is going trough automated and manual tests. For the manual tests I'm using multiple devices. Nevertheless I'm not afraid to say that bugs can happen. I personally lost data using alternatives in the past, so I am very aware of that issue. Therefor this app stores many information redundant. For example in near future a corrupted or deleted database can be almost fully restored (only some information about the folder structure will be lost but you don't need to organize all files again). The app is already designed to support featues like this in future. Furthermore to backup your encrypted files all you need to do is copy the vault folder.

    Upcoming features​

    • Move files and folders to different folders
    • Rename folders
    • Rename vault
    • Material3, followed by many UI and UX improvements
    • Performance improvements

    Future plans​

    • Support more file types (like text and PDF)
    • Fully open source
    • Provide desktop clients (cross platform)

    Download​

    Download from Google Play
    View
    1
    lukaspieper
    lukaspieper
    Changelog:

    0.4.0:
    • Target Android 13
    • Handle new notification permission (first and only required permission)
    • Support themed icons (Android 13)
    • Update dependencies

    0.3.2:
    • Replace prebuild Argon2 (used for password derivation) with own build from official source
    • Update various dependencies (including improvements to the in-app file presenter)

    0.3.1:
    • Fix a bug during biometric setup
    View
    1
    lukaspieper
    lukaspieper
    0.4.0:
    • Target Android 13
    • Handle new notification permission (first and only required permission)
    • Support themed icons (Android 13)
    • Update dependencies
    Was quiet in the last months, also because I had little time, the development will progress much faster in the next weeks. I am still working on the replacement of the database implementation. Afterwards it goes on with the Material3 redesign that will come with many new features.
    View

New posts