How do I know the app does not upload my passwords to the cloud secretly?

ID Guard Offline is a TRUE OFFLINE app. It can never upload data to the cloud secretly.

So what is true offline? True offline is not "can be used offline". When we say true offline, we mean it NEVER connects to the Internet.

App permissions

Some users ask us: "How do I know the app does not upload my passwords to the cloud secretly?"

For android, it's quite simple. Android system allows apps to connect to the network only when they have the Internet permission. If an app does not have the Internet permission, it just cannot reach the Internet.

Users can check if the app "have full network access" from Google Play Store.

  1. About this app

  2. App permissions

  3. Check "have full network access"

    Compare to app with Internet permission

Users can also check the "have full network access" permission from phone settings. We use a Samsung phone here.

  1. Open app info in phone settings and show "All permissions" from the right corner 3-dot menu ⋮

  2. Check "have full network access"

    Compare to app with Internet permission

In-app purchase

You might wonder how can I buy PRO if the app cannot access the Internet?

This is a really good question. Actually, in-app purchase transaction is processed by Google Play service which contacts the cloud side of Play Store.

When a user initiates an in-app purchase, our app asks the local Play Store app to process it by using a billing client library from Google, and later the Play Store app tells the result to our app.

During the transaction, our app does not connect to the Internet and, of course, cannot upload your passwords to our server.

What about iOS?

iOS does not come with an Internet permission. Most apps run in iOS can access the Internet by default, except keyboard apps which are blocked by a firewall. Yes, iOS does have a firewall, which can block any app from accessing the Internet. All iPhones sold in China are bundled with the firewall.

Before iOS 13, in-app purchase in iOS works just like Google Play service. However, since the release of buggy 13 OS, in-app purchase requires the app to access the Internet during the transaction. We sent Apple a feedback in detail, but they refused to fix it. Sorry for that.

Image source stackoverflow

If you use a Chinese version iPhone, you will not see the Internet permission request until you initiate in-app purchase. You can safely turn of the wireless data before and after purchase of PRO.

Remote fill

A few months ago, we released a browser extension to help filling passwords in Google Chrome and Microsoft Edge on desktop computers. Check out this, Stop using browser extension password managers. Use password manager extension instead.

Still, our app does not have the Internet permission. Our app encrypts username and password with a once-only key, and then launch a mobile browser to send data to desktop browser. It is the mobile browser that accesses the Internet, not ID Guard Offline. The key is generated with ECDH algorithm and shared only with the extension. This is a perfect End-to-end encryption mechanism to keep your password safe.

As you might know, it is easy to review the source code of our browser extension and Javascript program running in the mobile browser. Everyone can audit the data sent out by ID Guard Offline app and how the remote fill works.

Other questions