Why does ID Guard Offline not download logos from the Internet?

Recently, some users contacted us and asked, why not add a URL in the app to let me grab logos from the Internet like other password managers?

It's a good question.

We admit that's convenient but not secure because hackers may use this attack surface to steal your data.

Cyber Attack

To allow downloading logos means password managers have to access the network. But as you may know, 95% of data breaches are cyber-related. What's more, password managers are always used to store high-value data, so they are more prone to hackers.

No Internet is one of the security pros of ID Guard Offline. All your data is safely stored on your phone with security chip encryption and sandbox isolation. You neither need to register an account nor sacrifice your privacy.

Do you want to verify if it's true offline? Checkout these two posts.

• How do I know the app does not upload my passwords to the cloud secretly?
• How to verify that ID Guard Offline does not steal data in iOS?

Pegasus (spyware) Issue

Pegasus is a spyware that can exploit iOS versions up to 14.6 through a zero-click attack. As of 2022, it could read text messages, collect passwords, access the target device's microphone and camera, and harvest information from apps.

On top of that, Pegasus can be sent "flying through the air" to infect cell phones. It can use operating system image processing vulnerabilities to construct an emulated computer architecture and then steal data without any user interaction.

Are you an iPhone user? And using a lower version of the iOS system? If so, you should be careful because you are also at risk of a Pegasus attack if the logos you download from the Internet happens to be maliciously crafted by hackers. All data you store in your password manager may disclose.

Third-Parties Threat

Many password managers decrypt all passwords and store them in memory after entering a master password to unlock. If logos rely on third-party libraries, like trackers, all your passwords might be in danger.

ID Guard Offline adopts secondary encryption technology to ensure that only the viewed passwords are decrypted, and the rest are not.

Firstly, trackers inside an app have many permissions, such as scanning runtime memory, reading files inside the sandbox, and sending data out to the cloud.

Secondly, hackers or bad employees can insert malicious code into trackers and use the permissions to attack password managers. For example, they can scan the memory to read your master password and database, then send them to the cloud.

Are you interested in learning more details about the potential risks of trackers? Check this post, Trackers in password managers can threaten your passwords.

ISE extracted a master password: Password Managers: Under the Hood of Secrets Management

Pre-download Logos

We pre-downloaded numerous logos from official websites and packaged them into ID Guard Offline app. You can find most of the logos you want here, including tech giants like Google, email accounts like CTemplar, game accounts like Steam, etc.

Pre-downloading ensures that all the logos are safe without containing any viruses in the image files. Even if some accidentally include malicious code, ID Guard Offline can still keep your data safe. As it's not connected to the Internet, malicious code cannot sneak data out.

Logos are a part of our account security templates, which can store security information, such as recovery codes, security questions and answers. When you need to save a new account, enter the app name to use its template. Then ID Guard Offline will automatically show the appropriate logo for you. So easy to use, right?

Add Custom Logos

What about the accounts without templates? You can select a picture from your system albums as your custom logo. For example, use your mobile browser to search for the website's logo you want, save it to your phone albums, then tap the logo area to add it when editing an account in ID Guard Offline.

Do Grandma and grandpa always forget their Twitter passwords? You can help them save and use their photos as the account logos to distinguish theirs from yours.

And yet, if you are an Android user, you can also pick logos from the installed apps on your phone.

Conclusion

Grabbing logos from the Internet means the password manager needs to access the Internet. If the logos you download contains malicious code, hackers may use Pegasus (spyware) technology to steal your passwords. If downloading logos relies on a third-party library, all your passwords may be leaked as it's attacked.

ID Guard Offline does not expose this attack surface. We cut off the Internet connection, pre-store many logos into the app, and allow you to add custom ones. This design meets your needs for logos and keeps your data safe.

I hope this article gives a good answer on Why does ID Guard Offline not download logos from the Internet. If you still have any queries regarding the topic, please contact us via email at contact@bluespace.tech or leave your comment on Reddit, Twitter, or Facebook.