When the vault is created in /sdcard, all files and images inside it are accessible to other apps: the image files in the vault become visible in the gallery app and file manager app.
From my knowledge this is not a problem if the vault is created in Obsidian’s app-specific directory on Android.
For what it’s worth, I think this should be a priority feature request. It’s good for the users’ privacy and clarity, but it’s also good for Obsidian’s growth as a business.
We should be able to use the private app data area for secure notes rather than only being able to sync notes to the locally shared/public areas that other apps have access to.
Using the private area for notes would be a huge privacy and security benefit for Obsidian mobile - especially for attracting more paid users, and providing for the existing paid Sync service users.
I understand that it’s important for some users to have the option to store notes in the locally shared public areas of their phone so that a third party synchronisation app can be used; however, not being able to use the private isolated app data area undermines the benefit of using the paid Obsidian Sync service, especially the end-to-end encryption privacy.
I would argue that having your notes stored unencrypted locally on your computer is acceptable, but far less acceptable on your phone, as users have less technical control over their phone’s data when compared to computers, along with the unavoidable accessibility/insecurity of a portable device like a phone. I’m not suggesting app level encryption-at-rest or anything major, but at least being able to use the private app data area seems like a super important step.
+1 I would love to see an option to keep plaintext note files private. I have a large number of Android apps on my phone with access to shared storage that I don’t trust to access sensitive information.
All the other data in Android shared storage I consider non-sensitive, so right now this prevents me from putting especially private notes in Obsidian on Android.
Any news? It seems like a simple thing to implement but does that show my ignorance to this?
Even though I’m on GrapheneOS, some apps also demand full storage access as well so I either have to trust them to play fair or try to find another app.
Because of this, I use StandardNotes for very sensitive stuff, but when I think about it, my data isn’t just my data, but other people’s in a way, and I’d really like to improve that.
Quick question: What other apps do you use that require full filesystem access and network connectivity? It would be good to get an idea of the scale of the threat to us all as a group.