With the free version of “Secret Safe” you can manage a maximum of 8 entries. Use the Full version, if you want to store an unlimited amount of entries.
Detailed information can be found on the GiraOne website.
The master password is your central key for protecting all stored entries. Despite the fact, that the application requests only a minimal length of 6 characters for the master password, it is strongly recommended to use longer passwords.
A small amount of characters can also be entered by “long-clicking” on the number keys. Instead of using the phone keypad, you can also enter text using the text field. To do this, simply click in the text field and always complete the entry with “OK”.
Keep the chosen master password safe. If you don't remember your password, all data will be lost, if you have not created a backup of your data from with the app.
If you don't remember your password, you need a backup of your data. How to import the backup in this case, depends on the setting named “Unlock behaviour”:
Please note that when adding or editing entries, you must save changes using the "Save" button. If you leave the input screen using the button “Back” of Android, the changes are not saved!
In all multi-line text fields of entries with the type “Note” and “PIN Code” and in the URL field of the type “User name / password” you may enter hyperlinks, which can be clicked in the display screen of the entry. If you enter for example “https://www.google.com” and click on this link, your Android browser will be started and open the Google web page.
In the information field for PIN codes, you may also enter clickable phone numbers, e.g. +1-800-528-4800.
From the display screen for entries of the type “User name / password” you may copy the username or the password to the clipboard of the Android device. If you have also stored a hyperlink of the login page, you can log in very easily with only a couple of clicks.
Hint: For security reasons all data copied to the clipboard by “Secret Safe” is deleted from clipboard after 30 seconds.
All entered entries are stored in the local SQLite database of your Android device. The application offers two possibilities to back up and restore all database entries. For both possibilities, the entries are exported as CSV values. CSV means “Comma Separated Values” and is a simple text format, which you can display with a text editor and also with “Microsoft Excel” or “Open Office” at a PC.
For each entry, a line is exported. The values are enclosed in quotes and separated by comma. Example:
"note","Wish list","Wish 1\nWish 2\nWish 3" "up", "Google account","example-name","example-password","https://www.google.com" "pin","AMEX card","2345","","Number: 0123 3456 7890 1234" "contact","John Doe","epr","john.doe@yahoo.com" "link","Search Google for \"Encryption\"","https://www.google.com/m/search?q=encryption"
Please note, that the CSV data is saved in the UTF-8 character set used by Android. The first value of each line must be either “up” (Kullanıcı adı ve şifre), “pin” (PIN Kodu), “note” (Not), “link” (Yer imi) or “contact” (Kişiler).
Hint: The easiest way to create a correct CSV file is to start with an export of the sample content. Then you can easily modify the content. A formal documentation can be found at http://www.giraone.com/help/SecretSafe/SecretSafeCSV.html.
The two options offered for performing the backup differ in the way, how the data is exported:
This is the most secure method. The data is encrypted with a password you have to enter. This encrypted content is written to a ZIP file on phone memory or on the SD card. At no time the data is unencrypted on the storage medium. So there is no danger, that someone, who find your lost phone is able to restore your secret information from the storage medium using a recovery tool. You can also safely send the encrypted ZIP file via Bluetooth or email.
Hint: Use a strong and long password for securing your backup files. The used encryption method is “ZIP-AES 256-bit”. The created file can also be opened and decrypted on a PC using standard UNZIP programs, if these programs support AES encryption. Examples of such programs are “WinZip”, “Power-Archiver” or “7-ZIP”.
Hint: It is not recommended to use a password with exotic special characters, when the backup file should be decrypted on a PC. This could lead to problems because the UNZIP program on the PC works with a different character set than the Android system!
The CSV data will be stored unencrypted into a text file on the storage medium. This alternative is highly insecure! First of all, there is a great danger, that an app with the rights “access to SD card” and “internet connection” may read and send your data to another website. Additionally, there is the danger, that even after deleting the backup file, the content can be restored later using tools.
To restore your entries from a backup file, select it using the appropriate restore button within the app. The application checks whether an entry already exists in the database based on title, type and category.
Important: If you can't find your backup files and your Android version is 12 or later, you must work slightly different:
Be careful when using the app's feature to copy passwords to the clipboard. Other apps can access this data! There might be even apps, that have registered themselves to automatically get this data. This is a general security problem on Android devices. If you use the feature, please wait till the message that the clipboard has been deleted has appeared before leaving the app. On the first use also check, whether the text in the clipboard on your device is really deleted. There are many vendor specific clipboard implementations, where the delete operation is not working properly. A serious problem exists on “Samsung Galaxy” devices: unfortunately Samsung has added a proprietary clipboard “history” feature, capable of storing up to 20 “historical” entries, which cannot be deleted only by the user itself and not by a programming interface. Therefore, we recommend that you do not copy any passwords to the Samsung clipboard at all!
There is an experimental setting in the application, that tries to overwrite all 20 clipboard history entries. Because Samsung's clipboard history is filtering equal entries, the numbers 1 to 20 are written to the clipboard! We cannot guarantee, that this feature is working on all Samsung devices and versions, but we would appreciate any comments on the features.
For situations where you are forced to reveal your master password, you can define a second password in the application's settings. If you have defined such a password, you can log in with this password and then all operations are made on a second “fake” database. It is up to you to define the content of this database as realistic as possible.
There is one small indicator how you can check, whether you are in the “Revelation mode”: the title of the list screen will display square brackets [] instead of round parentheses () for the number of entries. You will also notice that for security reasons, the “revelation mode” setting itself and this help text is not displayed.
Important:
This behaviour can be changed via a setting, but it is recommended to leave the default setting. It prevents malware from having the ability to use memory dumps or memory debugging, after using “Secret Safe”.
If the application has been in the background for more than 2 minutes, the login screen will be displayed, when the application resumes. This means you need to enter the master password to unlock the safe.
The password generator is available for the type “User name / password”. The generated passwords are 8, 12 or 16 characters long and can be combined from the following parts:
Different combinations can be selected. Similar characters are suppressed, for example the number 0 and the capital letter O or the lower case letter l (small L) and the capital letter I.
This application uses open source from the following projects:
If you would like to report suggestions for improvements or problems, use the email address secretsafe@giraone.com.
http://www.giraone.com/help/SecretSafe/help-en.html
The application's manufacturer assumes no liability for the loss of stored data.
Back up your data regularly and carefully with the backup function!
Copyright giraone.com