Are my cloud passwords safe?

Can you give some insight on how the connection from Cryptomator to my cloud accounts on the iPhone is handled technically?

In concrete: does Cryptomator has access to my credentials and could they be abused?

I found this:

But I am not sure what it means: does Cryptomator read the clear passwords for login on the clouds?

Cryptomator uses the official SDKs for the various cloud storage services. If I’m not mistaken, all of them use OAuth for authentication. In short: No, Cryptomator doesn’t have access to your (cleartext) credentials. But the application still has the permission (via the access token) to fully read/write your cloud storage. It won’t work without this permission, I mean also the encrypted data has to be read/written somehow. :sweat_smile:

There is one exception though: Cryptomator actually stores the cleartext credentials for WebDAV. But(!) the password is stored inside the iOS keychain. There is no other way around this. The password is needed for authentication. That’s why some cloud storage services enforce the user to create external passwords for WebDAV access.

1 Like

That is all fine for me.