I would like to share an app I created together with a co-worker. It's the winning entry of the 2014 Dutch Samsung App Challenge (category best fingerprint app). The app is called S-Vault and it acts like a password vault which is integrated into your (on-screen) keyboard! We needed the app to be fast, secure and very easy to use, so that's where we put the focus of the development on. The app is available in the Samsung App Store (free), Google Play Store (paid) and you can download the APK here (free).
Web site
To get an overview of the project you can visit the (imho very nice looking) website at this location.
Why / Goal
We all know (or are getting to know) that it is important to use different passwords for all services we use that require password authentication. We also can understand that using different passwords with small variations is not very smart (whenever one of your passwords gets stolen, small variations lead up to your other passwords being broken very fast). We also know that using long passwords with random characters is the best thing to do. But... We can't remember all these passwords and using password managers like KeePass is great but it's still cumbersome when you need to enter a password. S-Vault solves these problems by integrating a password vault into your device's keyboard. No need to swap apps, no need for clipboard copy-pasting, whenever you need to enter a password: open the vault, authenticate with your fingerprint, NFC-tag or PIN-code and the password you need will be filled in. All in all, with S-Vault you can finally use fully randomized passwords, a different one for each service you use!
Key features
* Unlock your vault with your Fingerprint, an NFC-tag or PIN-code (fingerprint only available on Samsung devices with fingerprint sensor like the Galaxy S5 and Note 4)
* S-Vault replaces your keyboard with Google's AOSP keyboard and the S-Vault button is integrated into the keyboard, so you don't have to switch apps when you need to enter a password and there is no need for clipboard copy-pasting
* The app can be paired with a Chrome Extension, so you can send passwords to your browser too!
* Primary and alternative authentication (meaning you can define e.g. NFC and PIN-code as authentication methods and use the PIN-code if you don't have one of your registered NFC tags with you)
* Importing passwords from any kind of existing password manager (you need to export to CSV)
* S-Vault is based on Google's AOSP keyboard (the default keyboard on stock android), meaning it will replace your keyboard. The AOSP keyboard is a great keyboard to type on, just try it
Screenshots:
Security
If you will use this app, the passwords you register will be be stored on your device. There's nothing we can do about that, but we did what we could to ensure your passwords are safe. S-Vault stores the passwords in your 'Shared Preferences' (this is a place where apps can store data). If your device is not rooted, this is unreadable by anything but the app. That's nice, but your passwords need a lot more security. That's why we decided to make a trade-off between safety and usability. We used the symmetric AES encryption method to encrypt the data using a 1024-bit PBKDF2 derived key with a randomly generated salt and 5000 iterations. Your passwords are not stored anywhere else, but on your device.
If you use the Chrome Extension to send a password to your browser, it means that the password will be sent across the internet. Using SSL and a symmetric AES encryption is not enough to guarantee your data is safe. That's why we use RSA (with PKCS#1 padding) with signature verification when sending data over the internet. If this sounds complicated: it means that even if someone intercepts the data sent over the internet, that someone cannot decrypt it. Still to difficult? It's what your bank uses.
How does it work?
It's very simple. Whenever you need to enter a password, just click the vault icon on the S-Vault keyboard (located somewhere on the bottom-left) and authenticate yourself with (one of) your defined authentication methods, select the service which the password is for and the password will be entered! Whenever you need to fill in a password in Chrome, the S-Vault icon will be visible in the password field and you can start the 'Send password' item in your app drawer and the password you need will be sent to your browser after you authenticated yourself! Awesomesauce!
Samsung Developer Challenge
Somewhere in march 2014, Samsung launched a developer challenge for the upcoming Galaxy S5 and Samsung Gear devices. For the Galaxy S5 the challenge was to create an app that uses the fingerprint sensor. S-Vault was chosen as one of the ideas to be developed and on December 4, 2014, we ended as the winner of this challenge, so we're very proud we won and we hope this app will help with the process of becoming more 'password-aware'!
Here's a picture of us:
What will the future bring?
We are (of course) still working on the development of the app. Here are some features that will be available in the (near) future:
* More authentication methods (Pebble, Bluetooth, QR, etc., etc.)
* Extended support of password items (you can now only store a label and password per item, we want to add more fields (just like existing password managers can do)
* Firefox extension (next to the Chrome Extension)
* iOS 'extension' (to be able to send passwords to your iOS device, e.g. iPad)
* Windows extension (to be able to send passwords to your desktop)
Closing words
I don't think there's much more to say, except that we hope you like this project and we really hope it can help you in your daily struggle to keep your passwords safe! Please use this thread for questions, compliments, blames or anything else you want to say!
Change log
No changelog yet
Link
Chrome Extension: http://goo.gl/716zRO
App (Samsung App Store): http://goo.gl/6HYyXd
App (Google Play Store): http://goo.gl/zFpl9f
Direct links
APK: http://www.s-vault.nl/apk/SVault_v111.apk
Older versions
No older versions yet
Web site
To get an overview of the project you can visit the (imho very nice looking) website at this location.
Why / Goal
We all know (or are getting to know) that it is important to use different passwords for all services we use that require password authentication. We also can understand that using different passwords with small variations is not very smart (whenever one of your passwords gets stolen, small variations lead up to your other passwords being broken very fast). We also know that using long passwords with random characters is the best thing to do. But... We can't remember all these passwords and using password managers like KeePass is great but it's still cumbersome when you need to enter a password. S-Vault solves these problems by integrating a password vault into your device's keyboard. No need to swap apps, no need for clipboard copy-pasting, whenever you need to enter a password: open the vault, authenticate with your fingerprint, NFC-tag or PIN-code and the password you need will be filled in. All in all, with S-Vault you can finally use fully randomized passwords, a different one for each service you use!
Key features
* Unlock your vault with your Fingerprint, an NFC-tag or PIN-code (fingerprint only available on Samsung devices with fingerprint sensor like the Galaxy S5 and Note 4)
* S-Vault replaces your keyboard with Google's AOSP keyboard and the S-Vault button is integrated into the keyboard, so you don't have to switch apps when you need to enter a password and there is no need for clipboard copy-pasting
* The app can be paired with a Chrome Extension, so you can send passwords to your browser too!
* Primary and alternative authentication (meaning you can define e.g. NFC and PIN-code as authentication methods and use the PIN-code if you don't have one of your registered NFC tags with you)
* Importing passwords from any kind of existing password manager (you need to export to CSV)
* S-Vault is based on Google's AOSP keyboard (the default keyboard on stock android), meaning it will replace your keyboard. The AOSP keyboard is a great keyboard to type on, just try it
Screenshots:
Security
If you will use this app, the passwords you register will be be stored on your device. There's nothing we can do about that, but we did what we could to ensure your passwords are safe. S-Vault stores the passwords in your 'Shared Preferences' (this is a place where apps can store data). If your device is not rooted, this is unreadable by anything but the app. That's nice, but your passwords need a lot more security. That's why we decided to make a trade-off between safety and usability. We used the symmetric AES encryption method to encrypt the data using a 1024-bit PBKDF2 derived key with a randomly generated salt and 5000 iterations. Your passwords are not stored anywhere else, but on your device.
If you use the Chrome Extension to send a password to your browser, it means that the password will be sent across the internet. Using SSL and a symmetric AES encryption is not enough to guarantee your data is safe. That's why we use RSA (with PKCS#1 padding) with signature verification when sending data over the internet. If this sounds complicated: it means that even if someone intercepts the data sent over the internet, that someone cannot decrypt it. Still to difficult? It's what your bank uses.
How does it work?
It's very simple. Whenever you need to enter a password, just click the vault icon on the S-Vault keyboard (located somewhere on the bottom-left) and authenticate yourself with (one of) your defined authentication methods, select the service which the password is for and the password will be entered! Whenever you need to fill in a password in Chrome, the S-Vault icon will be visible in the password field and you can start the 'Send password' item in your app drawer and the password you need will be sent to your browser after you authenticated yourself! Awesomesauce!
Samsung Developer Challenge
Somewhere in march 2014, Samsung launched a developer challenge for the upcoming Galaxy S5 and Samsung Gear devices. For the Galaxy S5 the challenge was to create an app that uses the fingerprint sensor. S-Vault was chosen as one of the ideas to be developed and on December 4, 2014, we ended as the winner of this challenge, so we're very proud we won and we hope this app will help with the process of becoming more 'password-aware'!
Here's a picture of us:
What will the future bring?
We are (of course) still working on the development of the app. Here are some features that will be available in the (near) future:
* More authentication methods (Pebble, Bluetooth, QR, etc., etc.)
* Extended support of password items (you can now only store a label and password per item, we want to add more fields (just like existing password managers can do)
* Firefox extension (next to the Chrome Extension)
* iOS 'extension' (to be able to send passwords to your iOS device, e.g. iPad)
* Windows extension (to be able to send passwords to your desktop)
Closing words
I don't think there's much more to say, except that we hope you like this project and we really hope it can help you in your daily struggle to keep your passwords safe! Please use this thread for questions, compliments, blames or anything else you want to say!
Change log
No changelog yet
Link
Chrome Extension: http://goo.gl/716zRO
App (Samsung App Store): http://goo.gl/6HYyXd
App (Google Play Store): http://goo.gl/zFpl9f
Direct links
APK: http://www.s-vault.nl/apk/SVault_v111.apk
Older versions
No older versions yet
Last edited:
