CodeGuard Privacy Policy

Last updated January 12, 2023

Introduction

This privacy policy will provide information on how the Android app CodeGuard handles secret user data and user account data.

By secret user data is understood the secret information of pin-codes and login accounts. The main purpose of CodeGuard is to handle these safely.

By user account data is understood the information related to the user accounts for handling Google Drive and Microsoft OneDrive which are the two cloud-storages available for saving backups containing secret user data.

If you have any questions about the privacy policy, please contact the author

Login / logout

A user logs in to CodeGuard specifying a password, which is defined the first time the app is run. For making it easier and more convenient to login, there is an option to use biometric authentication , (fingerprint, face recognition...) .

For CodeGuard to be able to use biometric authentication, this must first be added to the device in the device Settings.

When activating biometric authentication in CodeGuard Settings, the user must specify the current login password. (No unauthorized user may enable biometric authentication if for some reason having temporary access to the app on the device without knowing the correct login password.)

Also, if a new biometric definition is added to the device in the device Settings, (like another fingerprint), then biometric  authentication will be disabled and need to be activated again. (An unauthorized user of the device cannot add his or her biometric information to get access to information managed by CodeGuard.)

Changing the CodeGuard login password in Settings will also disable biometric authentication.

The app is logged out after user being inactive for the time specified in CodeGuard Settings. The  user can also log out by performing a Back operation from the main page showing the lists, (two Back operations need to be performed). Alternatively the user may log out by selecting Exit in the app menu.

Permissions

Previously, (CodeGuard 3.5 or lower), the app stored local backup files in the CodeGuard folder located at the top of the file system. This is no longer the case as from version 3.6 and higher the files are stored in the CodeGuard folder owned by the app. Users were asked to move the backup files to the new storage area, (if this hadn't been made already). Beginning with CodeGuard version 4.4, this check is not made and hence CodeGuard no longer has access to files outside its own storage area. For the cases when access was needed, the user was prompted to grant read/write access to the device file system. This is no longer required.

Early versions of the app asked for permission to access to approximate location, (which was a WiFi  communication requirement, location was never used by CodeGuard).

Screenshots are not allowed and screen information is not shown when app is put into background.

Secret user data

All items created by the user in CodeGuard containing pin-code and login account data, are internally stored in an encrypted AES 256-bit database. No information is stored in any other form and no information is shared in any way. The data belongs and is available only to the CodeGuard app. 

It is not possible for the app author or anybody else to get hold of secret user data without having knowledge about the correct CodeGuard login password which enables access to the secret key used for encryption and decryption of the data. 

If the user of CodeGuard selects to create a backup, the data is stored locally on the device in an encrypted file. If changing the CodeGuard login password, restoring information from any previously made backups on the same device are only possible if the user knows the CodeGuard login password that was in use when the backup was originally made.

If anybody copies a backup file to another device, that user of that device must still know the login password that was in use at the time the backup was originally made. 

For backward compatibility reasons, there is a function to transfer data to a workstation having the CodeGuard-WS program installed. (This program is no longer available for download, however.) The users still having this program installed can download information from CodeGuard or upload information to CodeGuard. The transfer of data between CodeGuard and CodeGuard-WS is also encrypted. The user of CodeGuard-WS must know the CodeGuard login password.

User account data

If the user of CodeGuard selects to create a backup, the data is first stored locally on the device in an encrypted file (using AES 256-bit). If desired, the user may create a copy of the encrypted backup file and store this in the cloud.  CodeGuard supports Google Drive and Microsoft OneDrive cloud storages. 

The very first time Google Drive or Microsoft OneDrive is used, the system will prompt the user to select an account, (and provide login credentials). CodeGuard is not involved in this but will get informed about which account was selected. The only user information used by CodeGuard is the name identifying the selected account (e-mail address), and possibly the user's name if that is available.

CodeGuard does not use the user account information except for presenting which account the user has selected. This is shown in Settings for Google Drive and Microsoft OneDrive separately. The user may sign-out from current account and will be prompted by the system to select an account the next time the particular service is selected by the user.