
Comments (4)

tasn commented on July 18, 2024

> Secondly, I'd really like to be able to change the secret without entering the old one (because having access by a trusted device is commonly considered to be enough).

Try changing your password to any service you are logged into, I doubt any would let you change the password without verification. Think about it, it means anyone with access to an open browser tab or an unlocked device can just take over your account.

> I'd like to know where exactly the app stores the enc pw in which format. Maybe I can access it somehow using the administrative account on the device?

It doesn't. It stores a derived key used for encryption, but not the actual password. This is by design. :|

from android.

fungs commented on July 18, 2024

Thanks for your answer.

For the first point, I would say that a trusted device which needs to be unlocked is not comparable to an online service where you are logged in (for which you can usually trigger a reset if you own the registered email address). Compare to Keybase client, Wire or Signal, they all do crypto.

For the second, I suppose that the only way to go is to export the data, reset the account and import again then, if I cannot change the encryption key without providing the old one.


tasn commented on July 18, 2024

> For the first point, I would say that a trusted device which needs to be unlocked is not comparable to an online service where you are logged in (for which you can usually trigger a reset if you own the registered email address). Compare to Keybase client, Wire or Signal, they all do crypto.

Can you just change your Signal password without setting the existing one? I'd be surprised if that's the case.

> For the second, I suppose that the only way to go is to export the data, reset the account and import again then, if I cannot change the encryption key without providing the old one.

Yup


fungs commented on July 18, 2024

> > For the first point, I would say that a trusted device which needs to be unlocked is not comparable to an online service where you are logged in (for which you can usually trigger a reset if you own the registered email address). Compare to Keybase client, Wire or Signal, they all do crypto.
>
> Can you just change your Signal password without setting the existing one? I'd be surprised if that's the case.

be surprised: "you can change the PIN as long as this device is logged in"

Of course, apps like Wire and Signal have per-device encryption keys and are bound to an email or phone number. However, the general principle is: once you are logged in, you have proven to be the owner and you have full data access anyways. What data are you trying to protect in this scenario?
