SafeCamera is a local image and file encryption software, it uses well established, state of the art encryption algorithms and techniques to ensure security of user data.
Information we have
We as developers of SafeCamera software do not have any information about user data, encryption keys, passwords and other private information of SafeCamera application. SafeCamera application is by design doing only local to device data encryption/decryption and encryption keys never leave device or being written local storage. SafeCamera version for Android operating system is closed source, that’s why we deliberately don’t ask Android network permission, for our users to be 100% sure that it doesn’t leak any information through network.
SafeCamera derives encryption keys from user password each time user logs in and keeps them in memory. They are deleted from memory as soon as user leaves application or clicks on “Log out” button. Keys are NEVER being written to the disk or permanent storage.
Also SafeCamera uses PBKDF2 function with 2048 rounds to deliberately slow down any brute force attacks on encrypted files.
Master password login verification
As encryption keys are never stored on the device, we use double hashing with salting to generate a hash and store it on the device, using which we can verify that user entered correct password on login. This hash doesn’t leak any information about actual password or encryption keys and it’s used solely for login verification process.
Traces of unencrypted data
We take security of our users very seriously that’s why we have developed custom Camera activity for the Android application that makes on-the-fly encryption of taken photos, thus not leaving any traces of unencrypted data on the SD card of the device.
SafeCamera uses AES 256 Rijndael algorithm in CBC mode for file encryption. We use randomly generated salt and Initialization Vector (IV) for each file to prevent mass rainbow table attacks.
We wanted to achieve maximum security when developing SafeCamera, but with that comes some trade offs. You have the responsibility of remembering your master password. We can’t help you, if you have forgotten your password. There is no password recovery option and by design it can’t be, because your password and/or encryption keys were never stored or transmitted in any place, in any form, there is no way for us to help you in that case. However you can reset the application and continue using it with another master password, but all you existing photos will be inaccessible.
Please refer to security page for more detailed and technical explanation of it’s internals.