November 28, 2014

Google Keeps Your Secrets Safe on Your Android Phone

android-secretsGoogle wants to make it possible for you to carry your most sensitive data with you without compromising its security.  Released yesterday, Secrets for Android, allows users to securely store and manage vital information like passwords, credit card, and login information.

You can’t get the app from the Android Market just yet, but you can grab a copy from the Google Code page (direct link to .apk) if you want it now. Remember to set your phone to allow for apps outside of the Android Market.

The app works best on the premise that you use a strong password (naturally) but Google also adds their own security as well.  This includes automatically logging you out after inactivity and “strong encryption” on their end.

secrets002

secrets001

The app serves sort of a double duty purpose for aspiring Android developers in that the source code is available.  Use it to learn how more on file I/O, using crypto APIs, and simple 3-D view animation.



  • Daniel

    It would be nice if someone makes a way to secure pictures! Last thing I need is friends jumping onto my phone and looking at messages or pictures.

  • Will Bout

    This is a really great idea. I cant wait until it comes out. I am using AK notepad for that stuff right now and i feel "vulnerable".

  • Dave

    There is a free app already in the market for a long time called Password Safe that does the same thing?

  • Marc Seeger

    Does this actually have anything to do with google? The project owner has the nick "rogerta" and the package name doesn't seem to be googlish (package="net.tawacentral.roger.secrets")

  • Roger Tawa

    Hi there, I am the author of Secrets. Thanks for writing about my app on your site. To answer Marc Seeger, I am employed by Google, but I developed this application on my own in order to learn to write Android apps and to share my experience. Google retains the copyright of app, and hence the Google Open source blog post. But you are correct that this app is not tied to any Google services (for the moment anyway). To answer Dave's question, there are several "password management" type apps for the Android, but I believe they are not all the same. I encourage you to try many of them and see which one appeals to you most.

  • Wayne

    Daniel, Take a look at this…it seems to have recieved some high marks… ” target=”_blank”>http://www.cyrket.com/package/com.schwimmer.andro…

  • Daniel

    Thanks a lot, can't believe I missed this app.

  • John

    Hi Roger, Do you think Secrets will eventually do cloud computing? I'd like to be able to access my secrets through a browser as well, like with gmail and google calendar. Or are the security risks too daunting?

  • Charbax

    Yup, I'd like one Google account password to access all my online identities, and not only the ones compatible with FriendConnect. Basically, I would like Google to scan the whole Internet and tell me where it thinks I have an account on forums, community sites and other stuff, I try to enter each password, or get the forgotten passwords emailed to my Gmail, and Google should then change the password to a very strong and unique password for each different site that I am a member of. And store them all behind the Google Accounts wall. So I only need to remember one password for all my online identities.

  • Marc Seeger

    that's basically what openID is for :) Google is even an openID provider, so you can use e.g. your google account to log into sites supporting openid…

  • Charbax

    Very few sites support OpenID. I want Google to go and take care of all user accounts on any site that uses Username/Password for authentification. Basically what Google then does, is to log-in for you automatically when you go on those sites using Chrome, Android browser or whatever device where it knows it's you that is using it, eventually asking you for the Google Account password or some other shorter pin code each time.

  • Marc Seeger

    At the moment, > 40000 sites accept OpenID (” target=”_blank”>http://blog.janrain.com/2009/04/relying-party-sta… And if you've got an account at any of those services, you already have an OpenID: Google, Myspace, MS Live, Yahoo!, Blogger, AOL/AIM, Live Journal, Flickr, … It also is generally NOT a good idea to chose a "simpler" password/pincode for the account that controls ALL of your other accounts. In cryptography, a chain is also only as weak as its weakest link ;) But you are right: In general, a good "identity management" solution is really needed on the net. Facebook Connect is kinda lame because it's only limited to Facebook, MS Cardspace has really solid fundamentals and uses good crypto (WS-* family) but OpenID is the only standard that is actually open and people can set up their own OpenID Providers easily on e.g. their own domain.

  • Charbax

    OpenID is cool, and I think Google FriendConnect looks very promising. Though 95% of forums and other types of online communities do not support OpenID yet, though they all have standard username/password logins, and they often run standard systems so Google could automate the password changing feature to store such unique passwords for each site centrally. The worst security problem on the Internet I think is that people often use the same password across dozens and dozens of online communities which they are members of. So Google should provide somekind of toolbar in Chrome, in a Firefox plugin and on Android browsers, which would manage all your online identities all with one central password.

  • Pingback: Airlines.