Encryption and location of passwords for calendars added with base url?
unrel last edited by unrel
Hi, in an attempt to add a list of calendars all at once into Davdroid, I am discovering the locations of the necessary data entries, e.g.
- Base Url
- User name
- Calendar description
After learning the account settings of Davdroid are stored in location:
And the actual calendars are stored in the default Android memory locations, which have been pre-designed for calendars, contacts etc. In my setup with Lineage 14.1 and Davdroid V 2.0.5-ose (248) the individual calendar (event) data is stored in:
However, after inspecting both databases in sqlite 3 after exporting the databases, and in F-Droid's aSQLiteManager in case the exportation would obfuscate the passwords, I was unable to read/find any of the stored passwords.
From inspecting the databases, I think the “principle” is a parameter that stores/represents/contains different variables (e.g. base url/username/password etc) at different database-entries. I think it might at some point contain the password in obfuscated fashion (Indicated with the red lines in the attached picture). However that is mere speculation, I have not yet been able to determine whether it does, and I need to inspect the code of https://gitlab.com/bitfireAT/davdroid/blob/72749addcd9842caba2a5042de3eb8f559997179/app/src/main/java/at/bitfire/davdroid/model/ServiceDB.kt#L76 further to evaluate that suggestion/approach.
Therefore my question is:
How are the passwords for the Davdroid settings encrypted and where are they stored?
DAVdroid uses Android’s account manager to store the passwords (see https://www.davdroid.com/privacy/), as recommended here: https://developer.android.com/training/articles/security-tips#Credentials.
AccountManager usually stores its database in /data/system/users/0/accounts.db or something like that (may depend on your Android version and variant).
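
How an app hands a password to Android's AccountManager and reads it back, as an added example (not part of the original posts and not DAVdroid's own code). The account type `com.example.caldav`, the `base_url` key and the class name are hypothetical, and the app is assumed to ship an authenticator service for that account type.

```kotlin
import android.accounts.Account
import android.accounts.AccountManager
import android.content.Context
import android.os.Bundle

// Hypothetical account type; it must match the type declared by the
// app's own authenticator service (assumption, not DAVdroid's value).
const val ACCOUNT_TYPE = "com.example.caldav"

// Hypothetical user-data key for the base URL (not taken from DAVdroid).
const val KEY_BASE_URL = "base_url"

class DavCredentialStore(context: Context) {
    private val accountManager = AccountManager.get(context)

    private fun account(userName: String) = Account(userName, ACCOUNT_TYPE)

    /** Registers the account with its password; false if it already exists or creation fails. */
    fun create(userName: String, password: String, baseUrl: String): Boolean {
        val userData = Bundle().apply { putString(KEY_BASE_URL, baseUrl) }
        return accountManager.addAccountExplicitly(account(userName), password, userData)
    }

    /** Returns the stored password, or null if the account is unknown or access is refused. */
    fun password(userName: String): String? =
        try {
            accountManager.getPassword(account(userName))
        } catch (e: SecurityException) {
            // AccountManager only answers callers signed with the same key
            // as the authenticator that owns this account type.
            null
        }

    /** Returns the base URL kept as account user data, or null if absent. */
    fun baseUrl(userName: String): String? =
        try {
            accountManager.getUserData(account(userName), KEY_BASE_URL)
        } catch (e: SecurityException) {
            null
        }

    /** Replaces the stored password, e.g. after the user changes it on the server. */
    fun updatePassword(userName: String, newPassword: String) {
        accountManager.setPassword(account(userName), newPassword)
    }
}
```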