Is it ever temporarily storing files unencrypted? For instance when one wants to view something that cryptomator hasn’t an internal viewer for?
When cryptomator would do that, that would make the files readable with adb or root, right?
Edit: I just read on the forum that cryptomator indeed decrypts the files and saves them unencrypted to share the data with other apps. Yikes ! ! !
I see that this would be fixed with #35, which is already open for 3 years now.
Yes, we download the file but we store it in the internal storage of the app. As long as you not root your phone, no app has access to this file without your permission (e.g. when sharing a file with app b you grant this app access to this file). Furthermore, only apps which you granted root access could access this folder and it is up to you, to grant root access only to apps which you really trust.
You’re probably looking for a different solution. The security target of Cryptomator is strictly bounded to protection of files in the cloud. Once synced, only a best-effort attempt can be made to restrict access to decrypted data without setbacks in terms of interoperability with third party apps.
If your device is compromised, and it doesn’t matter if we’re talking about malware, targeted attacks or faulty configurations, we leave the boundaries of what cloud encryption tools are made for.
No, the files doesn’t remain on the device forever. We have a service which cleans up this files every 4 hours. But as already written in this thread, these files are located in app specific storage that other apps do not have access to.