A real case study of the Bear note-taking app, which decided to implement convenient note encryption and note locking for its existing user base. Finding a balance between usability, security and the restrictions of mobile platforms turned out to be complicated.
We start with the security design scheme, then select a proper encryption library, then implement the flow, and finally prepare for incidents. Now, think about it: cryptography is only chapter 3 of OWASP MASVS (8 chapters in total). Even the best cryptography will fail if the basic security controls are badly implemented.
In the end, this is only one simple JIRA ticket, "let's encrypt the notes", seen through the eyes of a security software engineer :)
Read the technical blog post "Implementing End-to-end Encryption in Bear App" for the details of the implementation.
FrenchKit Paris, France, 7-8 October 2019
RSConf Minsk, Belarus, 9-11 August 2019
CocoaHeads Kyiv conference Kyiv, Ukraine, 28 July 2019