How do I know the app does not upload my passwords to the cloud secretly?

ID Guard Offline is a TRUE OFFLINE app. It can never upload data to the cloud secretly.

So what is true offline? True offline is not "can be used offline". When we say true offline, we mean it NEVER connects to the Internet.

App permissions

Some users ask us: "How do I know the app does not upload my passwords to the cloud secretly?"

For android, it's quite simple. Android system allows apps to connect to the network only when they have the Internet permission. If an app does not have the Internet permission, it just cannot reach the Internet.

Users can check if the app "have full network access" from Google Play Store.

1. About this app

   

2. App permissions

   

3. Check "have full network access"

   

   Compare to app with Internet permission

Users can also check the "have full network access" permission from phone settings. We use a Samsung phone here.

1. Open app info in phone settings and show "All permissions" from the right corner 3-dot menu ⋮

   

2. Check "have full network access"

   

   Compare to app with Internet permission

In-app purchase

You might wonder how can I buy PRO if the app cannot access the Internet?

This is a really good question. Actually, in-app purchase transaction is processed by Google Play service which contacts the cloud side of Play Store.

When a user initiates an in-app purchase, our app asks the local Play Store app to process it by using a billing client library from Google, and later the Play Store app tells the result to our app.

During the transaction, our app does not connect to the Internet and, of course, cannot upload your passwords to our server.

What about iOS?

iOS does not come with an Internet permission. Most apps run in iOS can access the Internet by default, except keyboard apps which are blocked by a firewall. Yes, iOS does have a firewall, which can block any app from accessing the Internet. All iPhones sold in China are bundled with the firewall.

• It is "Wireless Data" in app settings in iOS shipped in China, not "Cellular Data" in other iOS versions.

• You have an "Off" option to block Internet access completely.

Before iOS 13, in-app purchase in iOS works just like Google Play service. However, since the release of buggy 13 OS, in-app purchase requires the app to access the Internet during the transaction. We sent Apple a feedback in detail, but they refused to fix it. Sorry for that.

Image source stackoverflow

If you use a Chinese version iPhone, you will not see the Internet permission request until you initiate in-app purchase. You can safely turn of the wireless data before and after purchase of PRO.

Remote fill

A few months ago, we released a browser extension to help filling passwords in Google Chrome and Microsoft Edge on desktop computers. Check out this, Stop using browser extension password managers. Use password manager extension instead.

Still, our app does not have the Internet permission. Our app encrypts username and password with a once-only key, and then launch a mobile browser to send data to desktop browser. It is the mobile browser that accesses the Internet, not ID Guard Offline. The key is generated with ECDH algorithm and shared only with the extension. This is a perfect End-to-end encryption mechanism to keep your password safe.

As you might know, it is easy to review the source code of our browser extension and Javascript program running in the mobile browser. Everyone can audit the data sent out by ID Guard Offline app and how the remote fill works.

Other questions

• If the app cannot access the Internet, why can it be updated?

  ID Guard Offline does not download new versions. It is the app store. Some android apps may download new versions inside the app and ask users to install. ID Guard Offline does not.

  The app store on your phone checks updates manually or automatically, depending on its settings. If new version is available, the app store downloads and installs the update.

• Why do I have to send my backup to other apps, like Mail or Google drive?

  ID Guard Offline minimizes the attack surface by not using Internet permission, nor storage permission, so it sends out the backup file. It is up to you to decide how to deal with it. You can send the file to your other devices via Bluetooth, Wi-Fi Direct or Nearby Share, or other app you trust.

  iOS can save the backup file to Files app. But lots of Android phones do not have a built-in app which can receive and save file to external storage. Though we do not recommend storing backup file on external storage in Android, you can do it by a third party app like Cx File Explorer or Xiaomi File Manager.