
Security

Defense in depth, by default.

Industry-standard cryptography, hardware-bound storage, and a deliberately minimal threat surface. Here's the technical breakdown.

  • AES-256: Encrypted Drive backups
  • PBKDF2: PIN hashing (irreversible)
  • Hardware: Bound to your device's keystore
  • Zero: Trackers, analytics SDKs, ad networks

PIN storage — PBKDF2, not plain text

Your App Lock PIN is never stored as written. It's run through PBKDF2 with a per-device salt and a high iteration count, then only the derived hash is persisted. We can't recover your PIN — and neither can anyone who extracts the encrypted file. If you forget it, you'll need to reset, and the data protected by it is unrecoverable. That's the point.
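The scheme described above, sketched as an added example; this is not NoteNext's own code. The PRF (HMAC-SHA256), the iteration count, the salt and hash lengths, the record layout and all function names are assumptions, since the page states none of them.

```python
import base64
import hashlib
import hmac
import os

# Assumed parameters: the page says only "per-device salt" and "high iteration
# count"; the PRF, the numbers and the record layout below are illustrative.
PRF = "sha256"
ITERATIONS = 600_000
SALT_LEN = 16
HASH_LEN = 32


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def _derive(pin: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac(PRF, pin.encode("utf-8"), salt, iterations, HASH_LEN)


def enroll_pin(pin: str, iterations: int = ITERATIONS) -> str:
    """Return the record to persist: parameters, salt and derived hash only."""
    salt = os.urandom(SALT_LEN)  # fresh random salt generated on the device
    digest = _derive(pin, salt, iterations)
    return f"pbkdf2-{PRF}${iterations}${_b64(salt)}${_b64(digest)}"


def _parse(record: str):
    scheme, iterations, salt, digest = record.split("$")
    if scheme != f"pbkdf2-{PRF}":
        raise ValueError("unknown scheme")
    return int(iterations), base64.b64decode(salt, validate=True), base64.b64decode(digest, validate=True)


def verify_pin(pin: str, record: str) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    try:
        iterations, salt, expected = _parse(record)
        derived = _derive(pin, salt, iterations)
    except (ValueError, OverflowError):
        return False  # malformed or tampered record fails closed
    return hmac.compare_digest(derived, expected)


def needs_rehash(record: str, target: int = ITERATIONS) -> bool:
    """True when the record was written with a lower work factor than the target."""
    return _parse(record)[0] < target
```

Storing the iteration count inside the record lets a later release raise the work factor and re-derive the hash the next time the correct PIN is entered.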

Backup encryption — AES-256-GCM

When you enable encrypted Google Drive backups, your data is bundled, compressed, and encrypted with AES-256-GCM using a key derived from a password you set. The encrypted blob is uploaded to your Drive — we don't have a server in the middle, and Google sees only ciphertext. Without your password, the backup is cryptographically useless.

Drive scopes — minimum-privilege

NoteNext requests the drive.file scope, which limits the app to files it created itself. NoteNext literally cannot see your other Drive content — it's a platform-enforced boundary, not a promise.

Biometric authentication — BiometricPrompt

Fingerprint and face unlock use Android's BiometricPrompt API. Your biometric template never reaches the app — it stays inside the secure element / TEE on your device. NoteNext only receives a "yes" or "no" from the OS. When the Decoy Vault is active, biometric unlock is suppressed so attackers can't bypass the decoy/real PIN choice.

Forensic hardening

The Android manifest explicitly disables the OS features that would otherwise leak your data outside the app sandbox:

  • android:allowBackup="false" — no Auto Backup to Google
  • dataExtractionRules — opt out of cloud + device transfer (Android 12+)
  • FLAG_SECURE on the lock screen — block screenshots & Recents previews

Crash reporting — opt-in, content-free

Optional ACRA-based crash reports include device info and stack traces only. Note content is never included. Depending on your settings, you'll be prompted before any report leaves your device.

Responsible disclosure

Found a security issue? Please email support@suvojeetsengupta.in with details. We'll acknowledge within 72 hours and credit you (with permission) when the fix ships. Do not file public GitHub issues for security vulnerabilities.