Android Keystore issues
Proton apps (Proton Mail(nouvelle fenêtre), Proton VPN(nouvelle fenêtre), Proton Calendar(nouvelle fenêtre), and Proton Drive(nouvelle fenêtre)) on Android use the Android Keystore system(nouvelle fenêtre) to encrypt your passphrase, and other sensitive login assets to keep them secure.
This system should work 100% of the time, but in less than 1% of Android devices the Android Keystore is either unstable or unusable. This is due to flawed implementation of the Android Keystore API by OEM manufacturers.
If our apps detect that this issue affects your device, you will see a notification asking if you wish to:
- Continue
- Get more information (which takes you to this page)
- Log out
If you Continue, you can use our apps as normal, but your sensitive login assets will be stored unencrypted in a private folder on your device. This clearly has security implications that you should understand before deciding whether to use our apps on affected devices.
The first thing you should do, however, is update your device to the latest version of Android supported by its manufacturer. You can find instructions for doing this here(nouvelle fenêtre). This may fix the problem. If it doesn’t, read on.
What is the risk?
If you choose to Continue, we will store your passphrase and other login assets in plain text in the unencrypted private app folder on your device. Although not ideal from a security standpoint, there are a couple of important mitigating factors:
1. No other apps on your device can access the contents of the private folder we use. This also means that an adversary would need physical access to your device for there to be any risk of them accessing your keys and login credentials.
2. Most modern Android devices have full-disk encryption enabled by default, and nearly all other Android devices support manually enabling either full-disk encryption or file-based encryption on the device. If enabled, these strong security protections mean that even if an adversary has physical access to your device, it is very unlikely they will be able to access your Proton keys and login credentials.
Should I continue to use Proton apps on my Android device?
If your device is one of less than 1% of Android devices affected by this issue, you should carefully assess your threat model(nouvelle fenêtre).
The decision is yours alone, but in our view, for most people’s threat models and as long as full-disk or OEM file-based encryption is enabled on the device, the risk posed by continuing to use our apps is minimal.