Password Agent for Android

Share on:

Free Password Agent app allows you to use password database files created by the Windows version of Password Agent on Android platform. The app can use files from device storage or from internet cloud drives. It does not use any cloud service directly, but relies on Android storage access framework to access cloud files, so it also does not need permission to connect the Internet.

Basic usage

Run the app and press Browse file to pick a file (password database) you want to open, then enter your master password to unlock the file. Browse file opens system file picker which allows to select a file from device storage, or, if you have cloud service apps installed, then also from a cloud service like Google Drive, Dropbox, Microsoft OneDrive etc. It is important to note that if you open a file from a cloud service then any modifications you make to the file will be saved back to the cloud.

You need to follow certain procedure if you want to share and sync files, otherwise it is easy to lose updates made on one device. Because the files are encrypted and no master password is shared, there is no way to magically merge updates from multiple files on the background, so you need to work the way that eliminates this need.

The most important thing to remember is that once you update a file (password database) on device A, you need to get the updated file into device B before you start making modifications on device B. If you don’t, then both devices will have different file, lacking modifications made on another device. Thus, before opening the file on device B you need to make sure that the file you are going to open is up to date copy that contains modifications from device A – this can be usually done by inspecting displayed last modification time of the file you are going to open.

Making cloud files available offline

Cloud service provider’s app usually has means to mark certain files as available offline. That allows you to use the files also with no internet connection and data will be sent back to the cloud when internet connection is restored. But as mentioned in previous topic, you need to make sure you are not updating a file on another device B before you have uploaded changed file from device A back to the cloud and the updated file was successfully also replicated to device A.

Syncing with Windows computer

If you want to set up sync with Windows computer then be sure to follow setup guide, which explains how it works and how to set up sync and prevent file change conflicts.

Differences compared to Windows version

No autofill on Android

Presently there is no password autofill functionality on Android. If you need to transfer user ID or password, you can use copy and paste instead of typing, which requires switching between apps. You can also make use of the multi-window/split-screen functionality of Android to run Password Agent side by side with the app you want to transfer info to. Then there is no need to switch between apps. Keep in mind that transferring password through the clipboard/copy/paste is not secure as clipboard is public and all apps can monitor and record clipboard contents.

No old file versions are kept

Windows version keeps copies of previous versions of the file in separate files named .oldN. Android version does no keep such versions on save as it only has access to the files you select with system file picker. If you save to cloud then cloud service provider may offer automatic file history. Thus it is strongly not recommended to have your data file only in mobile device’s local storage with no backup, since you may lose all your data in the file when the file becomes damaged.

Security

Password database file has the same security and strength in Android than in Windows version. However, Password Agent user interface in Android is not as well protected for plain (decrypted) text leaks as the Windows version, because we do not have that much control over the string handling used in FMX framework and some memory buffers may not be properly “burned” after use. This is not a problem for a typical home user, but may be theoretically an issue when high security is required. Data in memory is still encrypted. Use of the clipboard is biggest security risk on both platforms.