Content
View differences
Updated by Oleksii Borysenko 5 days ago
The app caches sensitive OpenProject data: work packages, projects, user details, and activity history in a local SQLite (Drift) database on the device.
Until now this cache was stored in plaintext, meaning anyone with physical or filesystem-level access to the device (e.g. a lost/stolen phone, a compromised backup, or a rooted/jailbroken device) could read all cached project data directly.
Adding encryption to the database at rest using SQLCipher, with the encryption key held in the platform secure storage (Keychain/Keystore), so the cache is unreadable without the key.
Technical note: on the first launch after the update, any existing plaintext database is wiped and rebuilt in encrypted form to ensure no unprotected data lingers.
Until now this cache was stored in plaintext, meaning anyone with physical or filesystem-level access to the device (e.g. a lost/stolen phone, a compromised backup, or a rooted/jailbroken device) could read all cached project data directly.
Adding encryption to the database at rest using SQLCipher, with the encryption key held in the platform secure storage (Keychain/Keystore), so the cache is unreadable without the key.
Technical note: on the first launch after the update, any existing plaintext database is wiped and rebuilt in encrypted form to ensure no unprotected data lingers.