Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Yeah, the memory thing didn't impress me. More concerning though is that apparently messages are stored in plain text on disk in that cache4.db file. It's not clear to me whether they are deleted when the app quits or what.


Yeah, I'm feeling like the quotes should be around "Hacked", and not "Encryption"


The files under `/data/data/[pkgname]` are only readable by the corresponding application. Encrypting them wouldn't add any security as the key for that cache would also be stored on the device.


> Encrypting them wouldn't add any security as the key for that cache would also be stored on the device.

That's why you use a user-derived key (i.e. based on the pin or w/e).




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: