NS Wallet Password Manager App 2.2.3 (Android / Google Play)

175x175bb (15)

This application is available for Android. This app is designed to be a multi-platform password manager for phone, tablets, PC and Mac. The latest build was released on December 17, 2014. Our latest check was performed on Oct 7th, 2016.

Findings Summary

Our examination revealed total 3 items, where were 2 DAR items and 1 DIT items found. Among DAR items were found 0 worst items, 1 bad item, 0 good items, and 1 best item. Among DIT items were found 0 worst items, 0 bad items, 1 good item, and 0 best items.

Below you find 3 infographics summarizing what we described above. Each image provides information about both DAR and DIT items.

 

 

This slideshow requires JavaScript.


Everything presented below is related to well-known CWEs, such as Sensitive data leakage [CWE-200], Unsafe sensitive data storage [CWE-312], Unsafe sensitive data transmission [CWE-319]. You can read more about it here.

Now let’s go deeper and examine each data item’s protection level.

 

Application Description

Let’s cite the description of this application below:

5 important facts you need to know about this password manager before you give up reading this boring description

  • No ads. At all. Really. 🙂
  • All main functionality is available for FREE (but we appreciate a lot when you buy premium features or our PRO/CLOUD app)
  • The app doesn”t have permission to access Internet (you can be sure that your data never leaks even theoretically)
  • A lot of people trust our application and use it for years, we have already more than 300 000 installs worldwide.
  • NS Wallet is multi-platform password manager, you can use it on the phone, tablet, PC or Mac, find more information about that here: http://www.nswallet.com

Now finally boring description for our password manager 🙂
NS Wallet is reliable, secure and FREE data vault for your confidential and sensitive information (like passwords, credit cards numbers, pin codes, phones and etc). Privacy is our highest concern, that”s why our password manager is fully offline solution, your data is stored ONLY on your smartphone or tablet, the app even doesn”t have permission to use network connection. For those who like to have backups in the cloud we have separate version of the application – NS Wallet Cloud, it saves all the backups automatically in your Dropbox or Google Drive and all the information can be easily restored from there anytime.
Main features

  • it is not necessary to remember dozens of your passwords, pin codes and other important pieces of information, you have to remember only one master password to access NS Wallet.
  • all your information is encrypted using AES cypher algorithm and stored securely on your phone or tablet, nobody is able to access your private information even if your device is lost or stolen
  • our password manager is very flexible, there is possibility to add any kind of your own custom information
  • the app automatically creates backup files and stores them in separate folder (or in the Cloud, if you use NS Wallet Cloud)
  • app is locked automatically if it is not used
  • embedded password generator can be used to produce highly secure passwords
  • the app is FREE to use
  • Internet is not used to reduce the risk of data loss

Premium features

  • search functionality
  • special folder “Recently viewed”, the folder is showing recently viewed items
  • special folder “Frequently viewed”, the folder is showing frequently viewed items
  • special folder “Expiring soon”, the folder is showing the items with the dates of one month in the future and earlier (very useful to track expiry dates of your credit/debit cards)
  • theme changing (you can select one of 11 beautiful graphical themes)
  • fonts changing

!!!!!! Important !!!!!!
Remember your master password by heart or put it down on the paper and put it into real safe. It is not possible to restore your data if you forgot/lost your password because the data is encrypted and your password is the only key to decrypt the data. Our support team will not reply any requests asking how to get access to your data if you lost your password because it is just not possible.

 

Protection levels.

Locally stored data (Data-at-Rest, DAR).

Locally stored data groups include Application Information, Credentials Information.
The average DAR value is 5.50 points (7.00 points of system protection and 4.00 points of own protection). It is higher than a typical value (3.5 points, where’s 7 points of system protection and 0 points of own protection).

Items’ GROUP #1 with average value 3.50 points (7 points of system protection, 0 points of own protection) means data protection levels have following definitions. Frankly talking, extra data found that shouldn’t be accessed where system protection level means – root/jailbreak is required but not possible without wiping device data, and own protection level means – stored as is.

– Application Configs (‘Application Information’ Group) – Different configuration files created by your app, perhaps app permissions. This data item related to mentioned group meant to be any info related to the app, app settings, including installed apps or installers

Items’ GROUP #2 with average value 7.50 points (7 points of system protection, 8 points of own protection) means data protection levels have following definitions. Frankly talking, compliance but there are publicly known techniques to access the data including forensics one where system protection level means – root/jailbreak is required but not possible without wiping device data, and own protection level means – compliance encryption algorithms ‘n’ security mechanisms implementations.

– Credentials Sync Data (‘Credentials Information’ Group) – Information about your credentials including credentials plus additional info about linked services. This data item related to mentioned group meant to be any types of credentials including basic (IDs only), passwords, tokens, etc.

Keep in mind if you’re using some Android devices such Samsung, LG or another device with an unlocked or non-locked loader that allow rooting your device without user action, the system level equals 6 points instead of 7. It means your data can be stolen without involving your actions.

Transferred data (Data-in-Transit, DIT).

Transferred data groups include Analytics ‘n’ Ads Information.
The average DIT value is 5.00 points (6.00 points of system protection and 4.00 points of own protection). It is higher than a typical value (4 points, where’s 4 points of system protection and 4 points of own protection).

Items with average value 5.00 points (6 points of system protection, 4 points of own protection) means data protection levels have following definitions. Frankly talking, data is not available all the time or partially accessed where system protection level means – MITM prevented or fake certificate importing prevented, but plaintext non-protected traffic is intercepted, and own protection level means – bypassed by fake/stolen root certificates.

– Device Data (‘Analytics ‘n’ Ads Information’ Group) – Device ID, Device Name, Device OS Name and Version, and jailbroken/root status. This data item related to mentioned group meant to be any info related to analytics services like Flurry, Google Analytics, etc. or advertisements

Keep in mind if you’re using out-of-date Android < 7.0, the system level equals 4 points instead of 6. It means your data can be stolen with a crafted preinstalled certificate on the device or if someone makes you install a certificate. Also, if you’re using out-of-date Android < 5.0, the system level equals 2 points instead of 4. It means your data can be stolen without involving your actions.

Privacy Policy

No Privacy Policy is available for this application.