Encryption and location of passwords for calendars added with base url?

unrel

Hi, in an attempt to add a list of calendars all at once into Davdroid, I am discovering the locations of the necessairy data entries, E.g.

• Base Url
• User name
• Password
• Calendar description

After learning the account settings of Davdroid are stored in location:
/data/data/at.bitfire.davdroid/databases/services.db
And the actual calendars are stored in the default Android memory locations, which have been pre-designed for calendars, contacts etc. In my setup with Lineage 14.1 and Davdroid V 2.0.5-ose (248) the individual calendar (event) data is stored in:
/data/data/com.android.providers.calendar/database/calendar.db

However, after inspecting both databases in sqlite 3 after exporting the databases, and in Fdroids aSQLiteManager in case the exportation would obfuscate the passwords, I was unable to read/find any of the stored passwords.

From inspecting the databases, I think the “principle” is a parameter that stores/represents/contains different variables (e.g. base url/username/password etc) at different database-entries. I think it might at some point contain the password in obfuscated fashion (Indicated with the red lines in the attached picture). However that is mere speculation, I have not yet been able to determine whether it does, and I need to inspect the code of https://gitlab.com/bitfireAT/davdroid/blob/72749addcd9842caba2a5042de3eb8f559997179/app/src/main/java/at/bitfire/davdroid/model/ServiceDB.kt#L76 further to evaluate that suggestion/approach.

Therefore my question is:

How are the passwords for the Davdroid settings encrypted and where are they stored?

rfc2822

Hello,

DAVdroid uses Android’s account manager to store the passwords (see https://www.davdroid.com/privacy/), as recommended here: https://developer.android.com/training/articles/security-tips#Credentials.

See https://gitlab.com/bitfireAT/davdroid/blob/master-ose/app/src/main/java/at/bitfire/davdroid/AccountSettings.kt for details.

AccountManager usually stores its database in /data/system/users/0/accounts.db or something like that (may depend on your Android version and variant).