When the vault is created in /sdcard all files and images inside it are accessible to other apps —the image files in vault become visible in gallery app and file manager app.
From my knowledge this is not a problem if the vault is created in Obsidian’s app-specific directory on Android.
Problem: Shared storage allows other apps to read ObsidianMD vaults.
Current workaround: None. Fatal.
Solution: Allow the paid sync service to sync to the app’s data storage area, which is not readable by other apps.
For what it’s worth, I think this should be a priority feature request. It’s good for the users privacy and clarity, but it’s also good for Obsidians growth as a business.
We should able to use the private app data area for secure notes rather than only being able to sync notes to the locally shared/public areas that other apps have access to.
Using the private area for notes would be a huge privacy and security benefit for Obsidian mobile - especially for attracting more paid users, and providing for the existing paid Sync service users.
I understand that it’s important for some users to have the option to store notes in the locally shared public areas of their phone so that a third party synchronisation app can be used, however, not being able to use the private isolated app data area undermines the benefit of using the paid Obsidian Sync service, especially the end-to-end encryption privacy.
I would argue that having your notes stored unencrypted locally on your computer is acceptable, but far less acceptable on your phone, as users have less technical control over their phones data when compared to computers, along with the unavoidable accessibility/insecurity of a portable device like a phone. I’m not suggesting app level encryption-at-rest or anything major but at least being able to use the private app data area seems like a super important step.
I can’t seriously consider using Obsidian Android until this is available.
+1 I would love to see an option to keep plaintext note files private. I have a large number of Android apps on my phone with access to shared storage that I don’t trust to access sensitive information.
All the other data in Android shared storage I consider non-sensitive, so right now this prevents me from putting especially private notes in Obsidian on Android.
Any news? It seems like a simple thing to implement but does that show my ignorance to this?
Even though I’m on GrapheneOS, some apps also demand full storage access as well so I either have to trust them to play fair or try to find another app.
Because of this, I use StandardNotes for very sensitive stuff but when I think about it, my data isn’t just my data; but other people’s in a way and I’d really like to improve that.
Quick question: What other apps do you use that require full filesystem access and network connectivity? It would be good to get an idea of the scale of the threat to us all as a group.
+1
I’m not comfortable allowing other apps peek into my private life.
Private storage should be the default, it’s a standard practice on Android since years.
An application that wants access to my whole filesystem, especially when it’s not open-source, is just a no-go.
+1
I think this is a critical issue too. At the moment i don’t dare to write everything down in my notes.
Unless I’m wrong, but even if you create an app specific folder (which is currently supported), a file manager app that for example would have the “all files access” would still be able to see that. I just tested this.
They’d have to implement their own encryption system to store the files in an encrypted state so that other apps couldn’t see it.
So what I do is just make sure that only open source / trusted app have the ‘all files access’ permission.
No, the private location is not accessible by file Managers (unless you root the device)
Maybe there’s a miscommunication here. But see this video, where I create a new vault in a new folder. But an app with ‘all files access’ like I have give to ‘files by google’ here, can just read those files. Not rooted, Android 13. https://youtu.be/4tIRHDWynMI
@WhiteNoise
Again the private section is not accessible even if you add the permission to file manager. This FR stands.
Any update on this?
This is the only reason I haven’t subscribed yet to Obsidian Sync for my personal notes.
