We are proud to announce that Psono's app for Android is now publicly available in the Google Play store. The app is written in Flutter and released as open source under the Apache 2.0 license. The source code for the app can be found on GitLab.
The app is far from feature complete, yet it already supports all the functionality necessary to use it without issues. So far the app supports the following features:
Next to all user specific features:
Psono uses state-of-the-art capabilities of the Android OS.
Psono uses Flutter's secure random number generator to generate all cryptographic parameters.
The standard cryptography necessary for Psono's interaction with a Psono server is done by flutter_sodium. flutter_sodium is one of the few libraries currently implementing the necessary NaCl bindings. Another library, pointycastle, is used for SHA-512 hashes and the scrypt password key derivation function. This library is currently unmaintained, but that should not harm security.
Psono uses the flutter_secure_storage library, which encrypts everything with AES and stores the key, RSA-encrypted, in Android's KeyStore.
Biometric authentication is done by the local_auth library. It uses Android's normal fingerprint API underneath.
Psono sets the "FLAG_SECURE" window flag to treat the content of Psono as secure, which prevents it from appearing in screenshots or from being viewed on non-secure displays.
The next step for Psono will be support for Android's autofill in other apps and websites. Apple's iOS will also see an app soon, once we are able to secure the necessary hardware to build and test the app. This is because Apple does not allow or support building apps for its platforms on non-Mac hardware.