OP Vault Support

2»

Comments

  • hubpf
    hubpf
    Community Member

    I'm not using WiFi sync. I use foldersync to sync files... if it can at least open the OPVault, it solves my problem partially...

  • We appreciate the feedback on OPVault support, guys! I'll pass that along to the team. :)

  • faisal233
    faisal233
    Community Member

    @saad Yes please pass along to the team that the DEFAULT FORMAT on the desktop app not working on android might be a small, tiny, itty bitty issue.

  • :) Yes, OPVault format being the default on OS X makes configuring sync with Android not so easy. The best solution is to support OPVault on Android and that is the plan!

  • phovey
    phovey
    Community Member

    Not to rub salt in a wound, but another beta goes by without OPVault support. Really, anything else done is just fluff - if I can't access and sync my vault, what good is unlocking it with a fingerprint or material design? Essentials first, then extras. You guys are focusing on the extras. I really hope there is a BETA-4 with the support before releasing the final product, otherwise that would be pretty embarrassing on AgileBits' part.

    That said, I am able to sync my OPVault successfully using Wifi sync from a Windows desktop to my Nexus 6P. While this is not ideal, it does get the job done for now. Not sure why Wifi sync is supported but Dropbox/folder sync isn't.

  • I'm sorry for the delay with OPVault everyone. I too wanted to have the OPVault format by now but things ended up being more complicated than I had expected.

    The biggest issue by far is the sheer size of the 1Password 6 release. We've completely redesigned the UX and have built an entirely new back end to support 1Password for Teams. Doing both of these (plus adding Fingerprint Unlock and a bunch of other improvements) took an incredible amount of time and energy.

    Given how big 1Password 6 for Android is combined with the fact it already took us much longer than we anticipated, we're certainly not going to delay 6.0 any further. We also already have a full schedule for the subsequent 6.1 release, and after pushing the team for faster, more frequent releases, I am hesitant to add anything more to that release either. Once the dust settles over the next few months, we'll re-evaluate things and see what step to take next.

    After waiting so long for 6.0, I am sure some of you are pulling your hair out when I'm already talking about the 6.2 time frame. If 6.1 and 6.2 each take as long as 6.0, then I would be the first one to join you in a lynch mob. Thankfully that's not something we need to worry about :) Going forward we're going to have much faster and focused releases.

    With all that said, please keep in mind that there has been a lot of progress made towards OPVault already. The new Teams backend we're using in Android is actually moving us closer to what you're looking for. The new (local) Teams database encrypts things in a similar fashion as OPVault, so a lot of what we learned over the last year will be directly applicable to supporting OPVault.

    I wish things went faster as well, but time is a fickle thing. Some things that you initially think are easy sometimes take forever. And unfortunately the reverse doesn't happen as often as I'd like :)

  • nickjbedford
    nickjbedford
    Community Member
    edited February 2016

    Meanwhile the iOS team is advancing that version at breakneck pace and had OPVault support four years ago. FOUR.

    He'll, I'd happily pay an extra couple of bucks for OPVault support if you actually bothered to prioritise it.

    Frustration is at an all time high.

  • I'm sorry @nickjbedford. There's not much more I can say than what I've already said. I agree with you, the pace of Android development has been too slow and I'd like it to be faster.

    Of course, I could point out that it is the iOS and OS X profits that are paying for Android development and we needed to grow our reserves before tripling the size of the Android team, but I'm afraid that will come off as defensive and I don't mean it that way. I could also point out that the tools and frameworks available on iOS are more powerful than what's historically been available on Android. And of course, we could also talk about fragmentation, but again I really don't want this to come off as defensive. I simply want to point out that there's a lot more that goes into development for different platforms. It would be easy for me to kick our Android developers, but I don't think that is fair. There's many things that have caused it to be slower.

    We're working through it and when you try 1Password 6 I think you'll agree that we're absolutely investing into Android. We'll get there.

  • EnerJi
    EnerJi
    Community Member

    @dteare

    Hi Dave, thanks for the peek behind the curtain. Like @nickjbedford and others, I am also frustrated at the lack of OpVault and the other areas where I find the Android app (including version 6) deficient, but as a business owner myself I can relate to your challenges.

    So, I just wanted to say thank you for engaging with us. It feels for the first time that Android is getting the investment it needs and the attention from the Agile Bits "powers that be," and that makes this user more willing to be patient. (Assuming, of course, those regular updates arrive as promised... dare I hope for a 6.1 beta later this month?!)

    Keep up the good work!

  • analogue
    analogue
    Community Member

    @dteare "I could point out that it is the iOS and OS X profits that are paying for Android development" You do understand that I use 1password because there is an Android version, if you don't support Android, I'll just switch away.

    People like me don't buy 1Password for Android, we just pay for the Mac App.

    Not blaming anyone here, but there is a silent crowd that was waiting for opvault/Android since the "Security Issue", and we are quite sad that some features took over security =/

    MVP+Focus... ;)

  • dteare
    edited February 2018

    Thanks @EnerJi. You'll like my upcoming blog post I think. I'm not going to give anything away, but it's related to this tweet :)

    @analogue: I hear you, and you're right, and as I said I wasn't saying those things to start an argument. It's just I thought it important to explain that it's not a simple matter of flipping a switch and having an app appear on another platform with full feature parity. It took a decade to get 1Password for Mac to where it is today, and up until recently Android was a very young platform. Then of course there's the matter of passion. Without passion you ultimately wind up with nothing, so we needed to find the right people to lead Android forward.

    Now, as for the "Security Issue", I'm quite frankly surprised how much hyperbole is going around simply because our original data format doesn't encrypt URLs and Titles. Yes, it would be great to encrypt more, and with our new format we do exactly that, but the AgileKeychain is still secure. There has been no crack or anything like that; it's simply a design decision that was made for performance. We needed this performance boost then and it is still important today on certain devices (after all, 1Password 6 supports Android 4 devices). Basically we need 1Password to be usable in order to allow people to actually use it.

    With that said, clearly this is very important to you, and I'm not trying to be dismissive of the way you feel. They are your feelings and you really want to have these additional fields encrypted. Since you really want to use the latest and greatest data format available, I recommend that you switch to teams. With 1Password for Teams, we encrypt item URLs and Titles, and we've made things even more secure than OPVault. You can read the full details in our White Paper, but suffice it to say we are constantly evolving our data formats and we've taken OPVault to the next level. For example, AES-GCM provides authenticated encryption with far superior performance, and the Account Key strengthens your Master Password with 128 bits of entropy.

    1Password for Teams has unmatched security, so if you want to have the best of the best, it's the best way to go. I suppose it might feel a little weird to sign up a team of 1 person, but it works just as well with a team of 1 or 100 :)

  • EnerJi
    EnerJi
    Community Member

    Thanks @EnerJi. You'll like my upcoming blog post I think. I'm not going to give anything away, but it's related to this tweet :)

    How mysterious. I wonder if this means you're now using Android full-time and feeling our pain every day? :)

    Looking forward to it.

  • phovey
    phovey
    Community Member

    Thanks @dteare for your replies. It's tough to be patient sometimes :)

    @EnerJi - this reminds me of when Facebook's Android app used to suck and they forced some manages to use Android phones (if memory serves). They got quite a few of the annoying bugs fixed quickly after that!

  • EnerJi
    EnerJi
    Community Member

    @phovey Yep! I'm starting to feel a bit optimistic now.

  • dteare
    edited February 2016

    As someone who typically isn't patient, I can totally see why you say it can be tough to be so :)

    Software development and security in general is a process and we're constantly working through it. Sometimes things take longer than we expect, and other times we're able to leapfrog over technologies and get ahead. With 1Password for Teams we have an opportunity to do exactly that as the security model used there can be thought of as OPVault version 2, and Android already supports it. If you've been struggling with Wi-Fi sync or don't want to use Agile Keychain, I encourage you to check it out.

    As for my tweet about my Nexus 6P, that is indeed me eating my own dog food. I switched (again) about a month ago and it's been a lot of fun. I switch to Android every few years (typically during the second half of the iPhone "S" years) and things have really improved a lot since last time. It's great to see. And it's been awesome to see how good 1Password 6 feels alongside the new Material Design.

  • juanii
    juanii
    Community Member

    @dteare

    The new Teams backend we're using in Android is actually moving us closer to what you're looking for. The new (local) Teams database encrypts things in a similar fashion as OPVault, so a lot of what we learned over the last year will be directly applicable to supporting OPVault.

    I was reading this thread just before I came across the quoted paragraph above and couldn't help but wonder: is OPVault support going to require Android 5.0? I think it would be good to know (at least for my own personal disappointment management :)). In that case, I'd like to add a vote to revisit the SpongyCastle alternative.

    Regards

  • EnerJi
    EnerJi
    Community Member

    @juanii If you care about security (and clearly you must since you're a 1Password customer) you may want to strongly consider upgrading to a more modern Android version. There are tons of security vulnerabilities in older Android versions, and especially pre Android 5.0, that will never be patched.

  • @juanii: I'm not sure yet to be honest. It's too early to speculate if OPVault would require Android 5 or not. I suspect it would as it is indeed similar to the format used by 1Password for Teams. There are also design decisions we made in OPVault that assume faster hardware, so I doubt it will run well on older devices. The best way to control the age of the devices we run on would be to limit the operating system to newer versions.

    Regardless, I'm 100% with @EnerJi on the security aspect. There have been a huge number of improvements to Android's security since version 4. Normally I am more forceful about upgrades as they are so very critical, but I tend to loosen up when it comes to talking to Android users as it's really the carriers and manufactures that have created this mess. Most users would happily upgrade if they could, so it is hard to chastise them :)

    Still, as a user who knows how important security is, I desperately plead with you to get a new device that runs the latest software, and ideally, pick one that can be upgraded.

  • juanii
    juanii
    Community Member

    @EnerJi Thanks for the heads up. I read a bit about it and you're right, 5.0 is a lot better. Unfortunately my device can't be upgraded to (stock) 5.0 and I don't think I'm buying a new phone soon.

    @dteare Thanks for the answer, it will be a lot less shocking when I find it in the release notes. I asked because maybe it was clear already that the BouncyCastle version in the OS is not suitable. You're right about the update hell carriers make for Android users (the official upgrade from 4.2 to 4.4.2 from my carrier came just a few months ago!). For me the only alternative now are mods or getting a new device. Now, given the low chance for OPVault support in 4.x, I'm changing my vote to multiple local vaults :)

    Regards

  • EnerJi
    EnerJi
    Community Member

    @juanii Unfortunately, security updates are one of the biggest issues with the current Android ecosystem. Things are getting slightly better for recently released "premium" devices, but that still leaves hundreds of millions of users out in the cold.

    What phone are you using? If it was reasonably popular and isn't too old, there's a good chance someone ported Lollipop (5.0) or Marshmallow (6.0) to your phone. If that's an option you're willing to explore, take a look here to see a large number of community-supported images: http://wiki.cyanogenmod.org/w/Devices#vendor=;

    My phone (running 6.x) has received at least three security patches since I got it, with each one having at least half a dozen security vulnerabilities. I can't imagine how many known vulnerabilities haven't been patched on earlier Android versions. And that's just the known vulnerabilities...

  • I'm sorry to hear you're stuck on 4.4.2, @juanii. It's a pity that carriers don't see the extreme value in keeping their devices up-to-date :(

    I'm trying to end on a positive, but given how upset I get when I think about fragmentation, it's not easy. So, I'm going to go with a LOLCat.

    iz likin myself on lolcats.com

    Works every time! :)

    Take care,

This discussion has been closed.