Psono app in Google Play store
We are proud to announce that Psono's app for Android is now publicly available in Google Play store. The app has been written in Flutter and is released under Apache 2.0 open source. The source code for the app can be found on gitlab.
The app is far from being feature complete yet already supports all necessary functionality to use it without issues. So far the app supports the following features:
- Access to all your datastores and shares
- Creation of entries and folders
- Updating of entries and folders
- Deletion of entries and folders
- Convenient search through your whole datastore
- Lockscreen with biometric authentication e.g. fingerprint
- Mutliple translations into various languages (English, Italian, Spanish, French, ... and many more)
Next to all user specifc features:
- Registration
- Deletion of an account
- Password reset
- Support for 2-factor authentication for Duo / Google Authenticator and Yubikeys
- NFC support fo YubiKey
- SAML Login (requires the EE server)
- OIDC Login (requires the EE server)
- LDAP Login (requires the EE server)
Security
Psono is using state of the art capabilities of the Android OS.
Random Number Generator
Psono is using flutter's secure random number generator to generate all the cryptographic parameters.
Cryptography
The standard cryptography necessary for Psono's interaction with a Psono Server is done by fluttersodium. fluttersodium is one of the few libraries currenty implementing the necessary NaCl bindings. Another library that is used for sha512 hashes and scrypt password key derivation function is pointycastle. This library is currently unmaintained but that should not harm security.
Storage
Psono is using fluttersecurestorage library which encrypts everything with AES and stores the key RSA encrypted in the Android's KeyStore
Biometric
Biometric authentication is done by the local_auth library. It is using the normal fingerprint API of Android underneath.
Configuration
Psono is using the "FLAG_SECURE" to treat the content of Psono secure and prevents it from appearing in screenshots or from being viewed on non-secure displays.
Coming Up
The next steps for Psono will be support for Android's autofill possibilities of other apps and websites. Apple's iOS will also see an app soon once we were able to secure the necessary hardware to build and test the app. This is due to the fact that Apple does not allow / support the possibility to build apps for Apple on not Mac hardware.
