It is well established that the rapid proliferation of mobile devices has presented a number of unique security concerns – especially given the increasingly blurry line separating personal devices and use from professional. Even if your smartphone or tablet is exclusively used for personal reasons, it’s likely that there is still sensitive information stored on it that can be easily accessed if your device is lost, stolen, or compromised in some other way.
Luckily, there is a plethora of solid secure storage apps out there on the various platform-specific application market places.
Users of iOS devices should log into the App Store and check out WISeID and Secure Folder Pro. WISeID is free and lets users store data in an encrypted format – deploying AES 256 bit encryption – locally on that users device. The good thing about local storage is that users do not need to worry about data breaches. If WISeID stored all of its users information on their own servers rather than locally, then user data could be compromised if an attacker compromised WISeID’s systems. In this case, a hacker would have to compromise your phone and the WISeID app in order to access the information stored there. The app is protected by a master password that users must enter in order to access securely stored files. This passwords can be set to accept dot-pattern-based verification and facial recognition, though it is not clear how secure these features are, and I recommend protecting the app and the information is stores with a strong, modern password. The app also lets users password protect documents with shared passwords. In other words, you can send documents or photos or any other files that are encrypted and require a decryption password. It is important that only the sender and the recipient know the decryption password.
Secure Folder Pro is not free but only costs $3. On a basic level it is pretty similar to WISeID as far as encrypting and locally storing data goes, but it has a couple of other features interesting enough to warrant a mention here. The application icon itself is nondescript, giving no indication that sensitive data is stored within. It offers a trap-icon too, designed to look like the storage location, but containing no real information. This is what we call “security through obscurity” and it is generally not considered best practice, but along with all of its other features, Secure Folder Pro’s dummy app is a pretty cool addition, though a fake app probably will not trick an advanced attacker. Beyond that, the app is capable of pinging a GPS location and snapping a picture if your device goes missing and someone unsuccessfully attempts to login to the app. The problem with Secure Folder is that the barrier of entry to it is either a dot-pattern or four-numeral authenticator, neither of which is a particularly sophisticated password scheme.
A couple interesting options on the Google Play store for Android users are SureDoc and Box. Both store files in the cloud, which represents an interesting trade-off: if a cloud-service provider is serious about security, then storing sensitive information in the cloud is a perfectly safe move. The problem, as is always the case with cloud-based storage, is that if an attacker breaches the provider’s databases, then your personal data may be at risk of exposure. It’s always a question of trust: do you trust a particular cloud-service provider to secure sensitive information? They will have experts that certainly are better at security than you or me, but even the companies that invest the most in security get hacked sometimes. At any rate, each of these apps offer similarly encrypted storage and document sharing capabilities. SureDoc offers the most free storage (up to a terabyte) and boasts that it does not store encryption keys, meaning that only the correctly authenticated user can access information stored on SureDoc’s servers.
Box has a pretty good reputation, but is mostly used as a secure file-sharing tool for business users. It offers 10 free gigabytes of storage – all encrypted of course. Box password protects the documents stored there and automatically logs users out when the app I closed, meaning that users will need to re-authenticate themselves for each session.
SugarSync, which is actually available on nearly every mobile platform, seems like it could be a good secure storage choice for Windows Phone users, though it is only available to users that are willing to pay a fairly steep, usage-based monthly fee for cloud-based storage.
Keeper is a free Windows Phone app that offers similar secure storage functions. Like a lot of the Windows Mobile apps we looked at, Keeper is predominately a password manager, but it offers secure data storage and transmission with 256-bit AES encryption as well. The app itself has a two-factor authentication mechanism, which is definitely stronger security than the four-character pins offered by a number of other storage apps.
These are just a few visible choices among an uncountable array of similar apps. Some of these applications are free; others cost money. Some store files locally while others store them on a centralized server in “the cloud.” Beyond cost and storage location though, a lot of these apps offer pretty much the same service: encrypted data storage and document transmission. Ultimately it is your information you want to keep secure and it is therefore your responsibility to do so. I can’t say with any degree of certainty that these are the best secure storage apps available, but they certainly seem like good ones and are definitely a great place to start looking and comparing if you are interested in a secure storage service on your mobile device. Whichever secure storage app you decide on, it should have a strong authentication mechanism and it should deploy strong, modern encryption.
As always, if you have your own favorite secure storage application or have used any of the ones highlighted here, then you should tell us about it in the comments section.