Security issue with the new Cryptomator 2.0 app - FaceID change doesn't force password

Most “security” apps (banks, password managers etc), that use faceID, falls back to password when the biometrics has changed, but Cryptomator doesn’t do that. So if someone adds their face, they can just enter my vault.

This may not be a threat for most people, but robberies where password is forced out of people is on the rise and with my password, they could go through all my files. If the password was forced when biometrics change, like in most other apps, this would not be a problem.

Of course they could force me to just give my Cryptomator password too. But most robberies are fast and they’re not going through every app on your phone to give them the password.

Thank you for pointing that out! Created an issue here: https://github.com/cryptomator/ios/issues/110

2 Likes
© 2021 Skymatic GmbH • Privacy PolicyImpressum