• Skull giver@popplesburger.hilciferous.nl
    link
    fedilink
    arrow-up
    27
    arrow-down
    4
    ·
    6 months ago

    As opposed to what? Encrypt them with a key that’s stored elsewhere on the device? Without user prompting (which any malicious app could also do, of course) storing these keys encrypted is very hard. You could use whatever key chain API your platform provides, but that’s just plain text passwords with extra steps. On Windows and Linux it wouldn’t improve security in any way, on macOS it might also not (I don’t know how Keychain access is done on macOS but I doubt it’s impossible to get the key from there if you have local file execution).

    Desktop applications aren’t sandboxed, and the ones that are will only be protected against other sandboxed applications. I’m not sure if encrypting local message databases protects anyone in practice. It just adds half an hour of chatgpt aided programing to the job of the malware devs while the users lose access to their own data.