NS Wallet FREE – secure password manager and data vault for confidential information 1.2 (iOS / App Store)

175x175bb (15)

This application is available for iOS. This app is designed to be a multi-platform password manager for phone, tablets, PC and Mac. The latest build was released on Aug 09, 2014. Our latest check was performed on Oct 7th, 2016.

Findings Summary

Our examination revealed total 5 items, where were 3 DAR items and 2 DIT items found. Among DAR items were found 0 worst items, 1 bad item, 2 good items, and 0 best items. Among DIT items were found 0 worst items, 1 bad item, 1 good item, and 0 best items.

Below you find 2 infographics summarizing what we described above. Each image provides information about both DAR and DIT items.

 

This slideshow requires JavaScript.


Everything presented below is related to well-known CWEs, such as Sensitive data leakage [CWE-200], Unsafe sensitive data storage [CWE-312], Unsafe sensitive data transmission [CWE-319]. You can read more about it here.

Now let’s go deeper and examine each data item’s protection level.

 

Application Description

Let’s cite the description of this application below:

NS Wallet is FREE, reliable, secure, multi-platform keeper for your confidential information (like passwords, credit cards numbers, pin codes, phones and etc). Privacy is our highest concern, that’s why NS Wallet is fully offline solution, your data is stored ONLY on your iPhone or iPad, the app doesn’t use any Clouds and any network communications.
Main features

  • it is not necessary to remember dozens of your passwords, pin codes and other important pieces of information, you have to remember only one master password to access NS Wallet.
  • all your information is encrypted using AES cypher algorithm, nobody will be able to access your private information even if your device is lost or stolen
  • the app is very flexible, there is possibility to add any type of your own custom information
  • the app automatically creates backup files and stores them in Documents folder, you can easily copy them to your Mac/PC and back
  • your information is always secured, the app is locked automatically if it is not used
  • embedded password generator can be used to produce highly secure passwords
  • Internet is not used to reduce the risk of data loss

Premium features (available after additional in-app purchase)

  • themes changing (you can select one of 11 beautiful graphical themes)
  • search functionality
  • special folder “Recently viewed”, the folder is showing recently viewed items
  • special folder “Frequently viewed”, the folder is showing frequently viewed items
  • special folder “Expiring soon”, the folder is showing the items with the dates of one month in the future and earlier (very useful to track expiry dates of your credit/debit cards)

!!!!!! Important !!!!!!
Remember your master password by heart or put it down on the paper and put it into real safe. It is not possible to restore your data if you forgot/lost your password because the data is encrypted and your password is the only key to decrypt the data. Our support team will not reply any requests asking how to get access to your data if you lost your password because it is just not possible.
NS Wallet is still in active development phase, send any your suggestions, comments and problems to e-mail support@nyxbull.com.

 

Protection levels.

Locally stored data (Data-at-Rest, DAR).

Locally stored data groups include Media Information, Application Information, Credentials Information.
The average DAR value is 5.33 points (6.00 points of system protection and 4.67 points of own protection). It is higher than a typical value (3.5 points, where’s 7 points of system protection and 0 points of own protection).

Items’ GROUP #1 with average value 6.50 points (7 points of system protection, 6 points of own protection) means data protection levels have following definitions. Frankly talking, protection and privacy issues are still possible but might involve interaction with an app code where system protection level means – root/jailbreak is required but not possible without wiping device data, and own protection level means – data is not available in backups.

– Screen Snapshots (‘Media Information’ Group) – Screenshots of your device screen running certain apps; common as an iOS app multitasking feature (app swipes) or browser tab swipes. This data item related to mentioned group meant to be any data like photo, image, video, audio

Items’ GROUP #2 with average value 3.50 points (7 points of system protection, 0 points of own protection) means data protection levels have following definitions. Frankly talking, extra data found that shouldn’t be accessed where system protection level means – root/jailbreak is required but not possible without wiping device data, and own protection level means – stored as is.

– Application Configs (‘Application Information’ Group) – Different configuration files created by your app, perhaps app permissions. This data item related to mentioned group meant to be any info related to the app, app settings, including installed apps or installers

Items’ GROUP #3 with average value 6.00 points (4 points of system protection, 8 points of own protection) means data protection levels have following definitions. Frankly talking, protection and privacy issues are still possible but might involve interaction with an app code where system protection level means – non-jailbroken/-rooted device but data is available for sharing if developer granted it, and own protection level means – compliance encryption algorithms ‘n’ security mechanisms implementations.

– Credentials Sync Data (‘Credentials Information’ Group) – Information about your credentials including credentials plus additional info about linked services. This data item related to mentioned group meant to be any types of credentials including basic (IDs only), passwords, tokens, etc.

Also, keep in mind, using jailbroken device means the system protection level is 0 points and you’re using out-of-date iOS < 8.3 the system protection level is 2 points. If some data marked as shareable via iTunes, then the system protection level is 4 points.

Transferred data (Data-in-Transit, DIT).

Transferred data groups include Analytics ‘n’ Ads Information, Payment ‘n’ Transaction Information.
The average DIT value is 5.00 points (5.00 points of system protection and 5.00 points of own protection). It is higher than a typical value (4 points, where’s 4 points of system protection and 4 points of own protection).

Items’ GROUP #1 with average value 4.50 points (5 points of system protection, 4 points of own protection) means data protection levels have following definitions. Frankly talking, data available if it’s allowed only and may require user action where system protection level means – some techniques are available to developers to keep connection bypassing system settings, like proxy settings, etc., and own protection level means – bypassed by fake/stolen root certificates.

– Device Data (‘Analytics ‘n’ Ads Information’ Group) – Device ID, Device Name, Device OS Name and Version, and jailbroken/root status. This data item related to mentioned group meant to be any info related to analytics services like Flurry, Google Analytics, etc. or advertisements

Items’ GROUP #2 with average value 5.50 points (5 points of system protection, 6 points of own protection) means data protection levels have following definitions. Frankly talking, data is not available all the time or partially accessed where system protection level means – some techniques are available to developers to keep connection bypassing system settings, like proxy settings, etc., and own protection level means – SSL pinning (can be patched).

– In-App Payment (‘Payment ‘n’ Transaction Information’ Group) – Data related to in-app payment via market store. This data item related to mentioned group meant to be details about transactions and payment data involved into transaction records

Keep in mind if you’re using out-of-date iOS < 9.0, the system level equals 2 points instead of 4. It means your data can be stolen without involving your actions.

Privacy Policy

No Privacy Policy is available for this application.