Password Manager + Cloud 2.2.2 (Android / Google Play)

This application is available for Android. >>>> SHORT DESCRIPTION <<<<<. The latest build was released on December 4, 2014. Our latest check was performed on Oct 7th, 2016.

Findings Summary

Our examination revealed total 3 items, where were 2 DAR items and 1 DIT items found. Among DAR items were found 0 worst items, 1 bad item, 0 good items, and 1 best item. Among DIT items were found 0 worst items, 0 bad items, 1 good item, and 0 best items.

Below you find 3 infographics summarizing what we described above. Each image provides information about both DAR and DIT items.

 

 

 

This slideshow requires JavaScript.


Everything presented below is related to well-known CWEs, such as Sensitive data leakage [CWE-200], Unsafe sensitive data storage [CWE-312], Unsafe sensitive data transmission [CWE-319]. You can read more about it here.

Now let’s go deeper and examine each data item’s protection level.

 

Application Description

Let’s cite the description of this application below:

NS Wallet Cloud is reliable and secure keeper for your confidential information (like passwords, credit cards numbers, pin codes, phones and etc) with automatic backups of your data to the cloud (Dropbox or Google Drive)
Main features

  • it is not necessary to remember dozens of your passwords, pin codes and other important pieces of information, you have to remember only one master password to access NS Wallet.
  • all your information is encrypted using AES cypher algorithm, nobody will be able to access your private information even if your device is lost or stolen
  • the app is very flexible, there is possibility to add any type of your own custom information
  • the app automatically creates backup files and stores them in separate folder on SD card/internal storage
  • app is locked automatically if it is not used
  • embedded password generator can be used to produce highly secure passwords
    NS Wallet Cloud includes also all premium features for free
  • theme changing (you can select one of 11 beautiful graphical themes)
  • fonts changing
  • search functionality
  • special folder “Recently viewed”, the folder is showing recently viewed items
  • special folder “Frequently viewed”, the folder is showing frequently viewed items
  • special folder “Expiring soon”, the folder is showing the items with the dates of one month in the future and earlier (very useful to track expiry dates of your credit/debit cards)
  • Automatic backup of the data to your favorite cloud service (we support Dropbox & Google Drive)

!!!!!! Important !!!!!!
Remember your master password by heart or put it down on the paper and put it into real safe. It is not possible to restore your data if you forgot/lost your password because the data is encrypted and your password is the only key to decrypt the data. Our support team will not reply any requests asking how to get access to your data if you lost your password because it is just not possible.

 

Protection levels.

Locally stored data (Data-at-Rest, DAR).

Locally stored data groups include Application Information, Credentials Information.
The average DAR value is 5.50 points (7.00 points of system protection and 4.00 points of own protection). It is higher than a typical value (3.5 points, where’s 7 points of system protection and 0 points of own protection).

Items’ GROUP #1 with average value 3.50 points (7 points of system protection, 0 points of own protection) means data protection levels have following definitions. Frankly talking, extra data found that shouldn’t be accessed where system protection level means – root/jailbreak is required but not possible without wiping device data, and own protection level means – stored as is.

– Application Configs (‘Application Information’ Group) – Different configuration files created by your app, perhaps app permissions. This data item related to mentioned group meant to be any info related to the app, app settings, including installed apps or installers

Items’ GROUP #2 with average value 7.50 points (7 points of system protection, 8 points of own protection) means data protection levels have following definitions. Frankly talking, compliance but there are publicly known techniques to access the data including forensics one where system protection level means – root/jailbreak is required but not possible without wiping device data, and own protection level means – compliance encryption algorithms ‘n’ security mechanisms implementations.

– Credentials Sync Data (‘Credentials Information’ Group) – Information about your credentials including credentials plus additional info about linked services. This data item related to mentioned group meant to be any types of credentials including basic (IDs only), passwords, tokens, etc.

Keep in mind if you’re using some Android devices such Samsung, LG or another device with an unlocked or non-locked loader that allow rooting your device without user action, the system level equals 6 points instead of 7. It means your data can be stolen without involving your actions.

Transferred data (Data-in-Transit, DIT).

Transferred data groups include Analytics ‘n’ Ads Information.
The average DIT value is 5.00 points (6.00 points of system protection and 4.00 points of own protection). It is higher than a typical value (4 points, where’s 4 points of system protection and 4 points of own protection).

Items with average value 5.00 points (6 points of system protection, 4 points of own protection) means data protection levels have following definitions. Frankly talking, data is not available all the time or partially accessed where system protection level means – MITM prevented or fake certificate importing prevented, but plaintext non-protected traffic is intercepted, and own protection level means – bypassed by fake/stolen root certificates.

– Device Data (‘Analytics ‘n’ Ads Information’ Group) – Device ID, Device Name, Device OS Name and Version, and jailbroken/root status. This data item related to mentioned group meant to be any info related to analytics services like Flurry, Google Analytics, etc. or advertisements

Keep in mind if you’re using out-of-date Android < 7.0, the system level equals 4 points instead of 6. It means your data can be stolen with a crafted preinstalled certificate on the device or if someone makes you install a certificate. Also, if you’re using out-of-date Android < 5.0, the system level equals 2 points instead of 4. It means your data can be stolen without involving your actions.

Privacy Policy

No Privacy Policy is available for this application.