The master password is your central key to secure all entries stored in the safe.
Despite the fact, that the app requests only a minimal length of 6 characters for the master password,
it is highly recommended to use longer passwords (10 or more). If you want to use character based passwords,
instead of using the phone keyboard, click in the input field, to open the soft keyboard. A basic set of
characters can be entered also using "long-click" on the numeric buttons. Use the "ENTER" key to
finalize your input.
Keep the chosen master password safe. If you cannot remember your password, all data is lost, when you have not exported a backup of your data.
In case you cannot remember your password, but have a backup, it depends on the setting Unlock behaviour, what you have to do:
Please note when adding or editing entries, you have to save changes using the button "Save". If you leave the input screen using the hardware button "Back", the changes are not saved!
In all multiline text fields of entries with the type Note and PIN Code and in the URL field of the type User name / password you may enter hyperlinks, which can be clicked in the display screen of the entry. If you enter e.g. http://www.google.com and click on this link in the display screen, your Android browser will be started and open the Google web page. In the information field for PIN codes, you may also enter clickable phone numbers, e.g. +1-800-528-4800.
From the display screen for entries of the type User name / password you may copy the user name or the password to the clipboard of the Android phone. If you have also stored an hyperlink of the login page, you can log-in very easily with only a couple of clicks. Note: For security reasons all data copied to the clipboard by Secret Safe is deleted from clipboard after 30 seconds.
To change the master password, you have to key in the old password first.
All entered entries are stored in the local Sqlite database of your Android phone. Secret Safe offers two possibilities to backup and restore all database entries. For both possibilities, the entries are exported as CSV values. CSV means "Comma Separated Values" and is a simple text format, which you can display with a text editor and also with Microsoft Excel or Open Office at a PC. For every entry one line with values in double-quotes and separated by commas is exported. Example:
"note","Wish list","Wish 1\nWish 2\nWish 3"
"up", "Google account","example-name","example-password","https://www.google.com/accounts/Login"
"pin","AMEX card","2345","","Number: 0123 3456 7890 1234"
"link","Search Google for Android File Encryption","http://www.google.com/m/search?q=android+file+encryption"
Please note, that the CSV data is exported using the UTF-8 character set of Android and that the first value of each line must be either "up" (User name / password), "pin" (PIN code), "note" (Note), "link" (bookmark) or "contact" (contact). Hint: The easiest way to create an initial CSV import file is to start with an export of the sample content and then modify the content. A formal documentation can be found at http://www.giraone.com/help/SecretSafe/SecretSafeCSV.html.
The two possibilities offered for performing the backup differ in the way, how the data is exported:
This is the most secure method. All data is directly fetched from the database, encrypted with a password you have
to enter and written to a ZIP file on the SD card. At no time any secret data is stored unencrypted on the SD card.
So there is no danger, that someone, who find your lost phone is able to restore your secret information from the
SD card using a card recovery tool. Most people are not aware of this! Nearly all file managers use a simple delete
operation, where the content of the file is not deleted - only the entry in the folder. You may use bluetooth or the
network to transmit the backup file securely - it is encrypted! Hint: Use a strong and long password also for
securing your backup files. The used encryption method is ZIP-AES 256-bit. The created file
can be opened and decrypted on PCs also using standard UNZIP programs
supporting AES encryption, like WinZip, Power-Archiver or 7-ZIP (it will NOT work with
the simple UNZIP utility shipped with Microsoft's operating systems).
Hint: It is not recommended to use a password with special characters, when the backup file should be decrypted on a PC, cause the UNZIP software on the PC may have a different character set than the Android device!
The CSV data will be copied unencrypted into a text file on the SD card. This alternative is highly insecure! First of all, there is a great danger, that an app with the rights "access to SD card" and "internet connection" may read and send your data to another web site. Additionally there is the danger, that even after deleting the backup file, the content can be restored using card or file system recovery tools. For this reason, the Backup / Restore screen contains a button to delete the backup file. The function behind this button will overwrite all data of the file, before the file is deleted.
To restore your entries from a backup file, select it using the appropriate restore button. Please note, that since version 3.3 the restore function checks whether an entry is already in the database using its title, type and category.
Note: Both versions "Secret Safe" and "Secret Safe Lite" can use the same default backup folder. This offers the possibility to migrate from "Secret Safe Lite" to "Secret Safe" by restoring a backup of the lite version into the full version.
Be careful when using the app's feature to copy passwords to the clipboard. Other apps can access this data! There might be even apps, that have registered themselves to automatically get this data. This is a general security problem on Android devices. If you use the feature, please wait till the message that the clipboard has been deleted has appeared before leaving the app. On the first use also check, whether the text in the clipboard on your device is really deleted. There are many vendor specific clipboard implementations, where the delete operation is not working properly. A serious problem exists on Samsung Galaxy devices: unfortunately Samsung has added a proprietary clipboard "history" feature, capable of storing up to 20 "historical" entries, which cannot be deleted by a programming interface only by the user itself. Therefore we recommend that you do not copy any passwords to the Samsung clipboard at all!
With version 3.1.0 an experimental setting was added to Secret Safe that tries to overwrite all 20 clipboard history entries. Because Samsung's clipboard history is filtering equal entries, the numbers 1 to 20 are written to the clipboard! We cannot guarantee, that this feature is working on all Samsung devices and versions, but we would appreciate any comments on the features.
For situations where you are forced to reveal your master password, you can define a second password in the app's settings.
If you have defined such a password, you can log in with this password and all operations are made on a second "fake" database.
It is up to you to define the content of this database as realistic as possible.
There is one small indicator how you can check, whether you are in the "revelation mode": the title of the list screen will display square brackets  instead of parentheses () for the number of entries. You will also notice that the setting for "revelation mode" itself and this help text is not displayed.
The EXIT menu of Secret Safe finishes the app completely. This behaviour can be changed using a setting, but it is recommended to keep the default. It prevents malware from having the possibility to use memory dumps or memory debugging, after Secret Safe was used.
If the app was put into the background for more than 2 minutes, the start screen will be displayed, when the app is resumed. This means you have to enter the master password to unlock the safe.
The password generator is available for the type "User name / password". The generated passwords are 8, 12 or 16 characters long and can be combined from:
Different combinations can be chosen. When using certain combinations, some characters are suppressed, e.g. the digit 0 and the uppercase letter O or the lowercase letter l (L) and the uppercase letter I.
This app uses Open Source from the following projects:
Special thanks to Andrey Kharitonov for the russian translation.
If you have suggestions to improve the app, please mail your opinion to firstname.lastname@example.org.
The supplier of this software will not be liable to you for any damage or loss of data. Please use the backup functionality of this app continuously and carefully.