My Keepass2 setup with Android, Firefox and sync


A couple of weeks ago I read another article about a major security breach of a big online service and finally decided that I need a special password for every service I’m using. Up until then, I always used about 6 passwords for online stuff. More important sites got one of the better passwords, irrelevant sites one of the poor ones, but a lot of sites shared passwords. Since I try to use only three user names (private, gaming and work) if they are available, it wouldn’t have been too hard to try my password they stole from service X on service Y with not a bad chance of success.

It’s not my first try to use a central application for my passwords, but all failed because of trust or usability. I want to be able to use this on all my computers, on my mobile and on the go, so I needed a synced solution. There are a few around, but I don’t trust this kind of data hosted on a server thats not mine. So this is the first solution that was comfortable to use and secure for my needs. All the tools here are open source, which doesn’t makes them secure, but we can hope there are people checking them out. 🙂

I’ll show mostly my setup, all the tools described here are heavily customizable, so check all the options after the initial setup to adapt them exactly to your needs. But this will hopefully get you started.


First we need to install KeePass2. There are versions for the major operating systems on their website, I tried Linux (used the packages shipped with Ubuntu) and Windows.

Create a new database
Create a new database

Now that we installed KeePass, we’ll first need to create a new database. After selecting where to save it, we’ll have to put in a master password. Obviously, this should be one of the better kind. I didn’t check out the possibilities of a key file or testing the existence of a USB drive, since it would be a problem for portability of the solution.

(src xkcd, CC BY-NC 2.5)
(src xkcd, CC BY-NC 2.5)

After putting in the password, it was asking for a few settings. Since I was fine with the standards, the KeePass file was created with a few sample entries. We can delete the samples and save it now.

Create a new password, e.g. 32 characters long.
Create a new password, e.g. 32 characters long.

To try it out, we could generate a new password (Tools -> Generate Password). I prefer to use A{32} as a pattern, which creates 32 lower and upper case letters and numbers. (I guess that is security wise dumb to tell, so I might change it in the future. ;)) It’ll create a blank entry in the database with a random password. If you edit it, you can add at a user name, but also URL (later useful for Firefox integration), custom notes, an icon and a lot of other fields.

Update: I changed that to use special characters as well.

If we want to login now, we can select the entry and press Ctrl-C to copy the password into the clipboard for a few seconds. If you want to copy the user name, use Ctrl-B and Ctrl-U will open the saved URL for you.

KeeFox: Firefox Integration

To make this far more comfortable to use, we should integrate this into our browser. Since I use Firefox at the moment, I used KeeFox for that, but there are supposed to be plugins for other browsers as well. KeeFox can fill out your forms automatically and save new passwords directly into KeePass, just like the internal Firefox password manager did. Running Windows, this is a breeze. Install KeeFox from Mozillas Addon Page, restart Firefox and follow the instructions. It’ll copy the KeeFox plugin into your KeePass directory. After restarting KeePass and maybe Firefox as well, you’ll get a connection window asking you to for a code and another one showing it to you. (Just to make sure that nothing connects without your consent.)

Linux users have a slightly harder time. On Ubuntu, you’ll need to install mono-complete for KeeFox to work, other distributions will have similar meta packages for a complete mono installation. (If anybody knows exactly the packets necessary, I would appreciate a comment, all the howtos simply install mono-complete.) The installation is covered in pictures very well on sysads.co.uk, so I will not write it down here again. 🙂

KeeFox asks if I want to save the password in my KeePass database
KeeFox asks if I want to save the password in my KeePass database

Now that we should be connected, we could try out logging in somewhere and saving the password. I’ll login to my blog backend and on the top of the screen KeeFox asks me if I want to save the password.

Editing an entry created from KeeFox
Editing an entry created from KeeFox

If we save, the entry appears in KeePass with the favicon of the page (my blog doesn’t have one) and title, user name, password and URL already filled. Sometimes it makes sense to change the URL or title, but mostly you are good to go and don’t need to edit anything. If you log out and open the login dialog again, the fields will be filled out and you only need to click the login button.

Sync with OwnCloud/Nextcloud

After the first two parts, we should have a comfortable setup for one computer. But most of us have more than one computer and want to use passwords all across them. Since I already use ownCloud (or rather now Nextcloud), I wanted to save the password database there. The server is administrated by myself, so I’m pretty sure that only I can access the data there. (Barring big security holes in PHP, bash, SSL, …) If you want to install it as well, you can follow the official documentation, but keep in mind that you’ll have to take care of security of the installation as well. In case you want to do this with Dropbox, you’ll have to trust them enough (whyever) and it should work just the same, I guess.

Password database in ownCloud
Password database in ownCloud

If you copy the password file anywhere in your local ownCloud (client) directory, the client will automatically sync it to the server. Now open the database file again from the ownCloud directory, every change you’ll make will be synced again. But since my password database is only about 50kb (I’m still migrating sites to the new password whenever I log in and have a minute), it’s no problem with nearly all internet connections.

When you now setup KeePass and KeeFox on a second computer (with ownCloud installed of course), you can open the database file from the local ownCloud directory and always get a current version of the database. I set up KeePass so that it closes the database after certain time of inactivity, so I never expect two KeePass instances adding new entries at the same time. But if you work with two computers side by side, make sure to save the database after adding a new entry and reopening it on the second computer before making any changes.

Update: I switched to nextcloud, but that doesn’t change the process here at all. But I discovered there is an app for nextcloud to open your Keepass database in the browser, Keeweb for nextcloud. Download the latest release and install it like any other nextcloud app. Then you can access your passwords easier, even when you aren’t at your own computer. Obviously you should only do that on trustworthy computers.

Keepass2Android: Android App

Now we should have a Firefox integrated password save, that is synced between our computers. Today smartphones are also used to connect to lots of services, each needing its own password. I for example need my Amazon password from time to time, to buy something while sitting in public transport. Instead of typing it in with people looking over my shoulder, I copy and paste it out of my password database now.

To do so, we can use Keepass2Android. Since the Android ownCloud client didn’t work well for me for keeping files local and updated, we connect directly via WebDAV to our ownCloud installation. Choose to open a password database:

Open a database on Keepass2Android
Open a database on Keepass2Android

There are a lot of services to connect to, but to connect to the ownCloud instance, we should use HTTPS and add the following (adapted) URL: https://owncloud.server.com/remote.php/webdav/path/to/the/pw.kdbx

Login with optional quick unlock feature
Login with optional quick unlock feature

Put in username and password of your ownCloud installation, and then the password for your database and you should be good to go. You can activate quick unlock, which doesn’t lock the database completely, but you only need to input the last three characters of the password to access it until you close the database manually. (At latest at a reboot.) If you don’t mind the reduced security, its a nifty feature.

The KeePass groups in the Android app
The KeePass groups in the Android app

After login you’ll get a list of all your passwords and groups. If we choose the amazon password entry, Keepass2Android will show two new entries in Androids notification area (next to the one that is already there because the database is open):

The username and password can be put into the clipboard from the notification screen
The username and password can be put into the clipboard from the notification screen

Those entries enable you to switch to your browser, pull down notifications, copy the password (or username) directly from the notification area and paste them in the website. There is a risk according to Keepass2Android that other apps might copy data from your clipboard, so the alternative is to use a special Keepass2Android keyboard instead the copy and paste solution. Whatever you decide.

Update: I switched to the integrated keyboard Keepass2Android provides. Whenever I open an entry, a dialog pops up that lets me switch the keyboard to a special keyboard that lets me access username and password with one button each. After closing the database, the keyboard switches back to my default one.


I hope that we have a comfortable synced password solution now, that we can access from our Android mobile as well. My last fear now was, what happens if the database gets deleted or corrupted in some way? In theory there is an ownCloud feature to keep old versions of a file around. But I don’t trust that. I want to have a backup with more than one version simply in my computers (or home servers) filesystem.

If you use windows (or don’t want to use self written scripts on Linux), I recently stumbled over Duplicati, an open source GUI backup tool, that also supports WebDAV. I’m sure it wouldn’t be hard to setup a backup job to save a copy of the password file from the ownCloud (WebDAV) server.

But I didn’t try it yet and I prefer this simple solution I can easily completely understand. I created a very short script using cadaver (a command line WebDAV client.) Create a directory, e.g. ~/.pwdatabase where you want the file saved and adapt the following script to your needs, I called it ~/bin/pwdatabase-backup.sh:


cd ~/.pwdatabase-backup
rm pw.kdbx
echo "get pw.kdbx" | cadaver https://owncloud.server.com/remote.php/webdav/directory/of/database/
mv pw.kdbx pw.kdbx-`date +%Y-%m-%d_%H%M%S`

After that we still need to save our ownCloud access data in a file ~/.netrc: (If you are more paranoid than I am, create a dedicated user just for the backup task.)

machine owncloud.server.com
login foo
password bar

Make sure to make the script executable and the .netrc as well as the backup directory only accessible by you:

lenfers@waxford:~$ chmod +x ~/bin/pwdatabase-backup.sh
lenfers@waxford:~$ chmod 600 ~/.netrc
lenfers@waxford:~$ chmod 700 ~/.pwdatabase-backup/

Last but not least, add a cronjob to run this script. This will run now every hour at the 42nd minute. Run ‚crontab -e‘ and put the following line in the editor that opens now:

42 * * * * /home/lenfers/bin/pwdatabase-backup.sh

You’ll now get files in your backup directory named like pw.kdbx-2014-10-12_193002 every hour. If you want the script to run at different intervals, check out a cron howto.

Conclusion, Security opinion and Todo

We should have installed and used the following software by now:

You should now have the possibility to create a password per webpage and sync it between different computers and mobile phones. If you haven’t done so, I would recommend to change a few passwords from sites that are important to you into long automatically generated ones. The password file should be in a lot of places, just in case it gets corrupted (which didn’t happen to me, I’m just cautious.)

I’m by far no security expert, but I want to provide you with my view on how secure this setup is. It shouldn’t be good enough for missile launch codes (but might be) or if you are in a position where you might be targeted directly (instead if being one among many victims of a site hack.) If someone were to breaks into your cloud account, they would only need to break your KeePass password offline and got access to all your accounts! Since I don’t expect to be targeted directly (shouldn’t have said that, should I? :-)) this will immensely increase security for me, because the damage resulting from big hacks on websites won’t affect me anymore outside of the hacked site. Also brute force attacks on my online accounts should be far harder now. Last but now least, I use two factor authentication as much as possible.

Update: Keeweb added in the cloud section. In the future I want to look into integrating a web interface into ownCloud (maybe based on WebKeePass?) so I could access my passwords easier from a friends computer without having to copy them manually from my mobiles screen, but I’m not sure when I’ll find time for that. If anybody has a working solution or good hints on how to do that easily, I would appreciate a pointer.

I hope this helped you to switch from a small array of simple to medium passwords to a system of one secure password per site. Any feedback is appreciated!


Why I cannot recommend Google Hangouts the way I recommended Talk

I was really curious about Google Hangouts. Their previous solution Google Talk worked a lot like I wanted it to, like the fact that it was based on an open standard (XMPP) or had XMPP federation enabled (so you could use it with people that didn’t use Googles servers.) But there were also things wrong or maybe not up to date. Definitely wrong was the fragmentation: There was Talk (standalone app, mobile client, integrated into Google Mail and Google+), but there was also another mobile app that came with the Google+ mobile app and was completely independent from Talk and last but not least there were online Hangouts. And in comparison to that gruesome WhatsApp (that AFAIK still doesn’t have a desktop client or an official way to run it on WiFi tablets!) it was lacking stuff some people missed, like the easy way to find your friends (with their number you already had) or adding images and group chats. But I always recommended Talk and never joined WhatsApp, since they have a really bad security history and I despise their take on client availability.

Generally I like some of the new features added in Hangouts, for example that they included the option to being found with your phone number. Google has mine already as a fallback in case something is wrong with my account, so I don’t mind, especially if I’m being asked and have the option to decline. (Google is getting a lot of my data because they ask nicely, but that’s something for another blog post.) And there are enough people that have my phone number but might not have my Google account info. There is also the matter of including images and other not text stuff. I didn’t expected it, but I enjoy the possibility to quickly send over a pic. And even though XMPP supported group chat as well, Google never implemented it in Talk. But they added the possibility in Hangouts, which is also a nice and useful thing in my book. So they improved in some areas that really needed it to stay relevant.

But sadly they made at least as many things worse:  A small thing, hopefully to be fixed soon, is the missing online indicator on the mobile. Another problem I experienced over the last few days is that there is sometimes a delay: I had chat message notifications in my browser that I opened up immediately just to find a chat message that was send 20 minutes ago. I get that mobile notifications can be a bit flaky sometimes, but my desktop should notify me at once when I get a new message in my instant messenger. I also have the feeling that the mobile app uses lots of resources, but I didn’t measure it. It is just a feeling that since I upgraded, I have to wait for my home screen on my android to load far to often. As far as the more integrated messenger experience is concerned they failed so far: This YouTube video  shows how inconsistent it works with video chats.

All those things might be fixed in the future, there is nothing fundamentally wrong. But I think the worst decision they made is switching away from an open protocol to their own closed one. Google had been very good in the past with public APIs and open protocols so that external developers could connect to their services. But it feels like they are turning their back on all of that, especially in their newer products. Google+ still has no way of using external clients (I for one would like a „one client for all my social networks“ solution and only Google is stopping that) and now the messaging solution is turned from open and federated to completely closed. (So far, but given that Google+ is without external apps for about two years now, I wouldn’t hold my breath as I tried after the Google+ launch.) This past openness always made me recommend Talk. I knew if I used Talk, I could also communicate with my old contacts from Jabber (XMPP) and in theory with the help of transports even other networks like ICQ or MSN. Every chat solution I used with the exception of XMPP and therefore Google Talk forced you to make your friends use the same network as yourself to be able to communicate with them. Or switch over to theirs. If somebody told me before Hangouts they don’t like Google and don’t want an account, I could tell them to use any server listed here (or even run their own) and we could still communicate. I know it would have been hard to implement the new features in compliance with XMPP, but it doesn’t change the fact that I’m afraid that Google loses their openness. With the Google Reader fiasco Google lost a lot of trust and I’m growing more suspicious ever since.

Sure I’m going to use Hangouts and I hope they’ll improve at least the functional problems mentioned above. I’m still very involved in Googles infrastructure and I still trust them with lots of my data. But my trust in their openness, doing no evil and the quality of their services is damaged and I’m unsure if they’ll ever get it back as it once was.


Tiny Tiny RSS: More open source Google Reader alternatives

I posted about selfoss last week, an open source and self hosted rss reader as alternative to Google Reader. After installing it and posting about it, I stumbled across an even feature richer software: Tiny Tiny RSS. Despite the name, TTRSS really isn’t tiny, it’s features are for example:

  • Very good import from Google Reader (OPML import and export.)
  • Nice clean AJAX interface, as well as a mobile interface and mobile apps.
  • Keyboard shortcuts.
  • Easy installation, requires PHP&MySQL.
  • Multiuser support.
  • Plugin support.
  • Multiple language support
  • Filtering and scoring, I’m quite curious if I find a cool use for that feature.
  • API to access it with other services, for example desktop clients

Tiny Tiny RSS Screenshot

Installation is quite easy, the official documentation should be sufficient to get you going. After installation you might want to do one or more of the things I did:

First I got my Google Reader data imported: Export your feeds from Reader and extract the subscriptions.xml from the archive. You can upload it to ttrss in the settings dialog under feeds, OPML. Next I activated some plugins under settings and plugins. I activated the Google+-sharing plugin and the mail plugin, but there might be others that could be useful to you. After that I installed a plugin for Chrome to be able to subscribe to feeds directly from the browser. Install the plugin and open the plugins settings to add „http://yourservername/public.php?op=subscribe&feed_url=%s“ as a service. Firefox users might want to check this article instead. If you prefer a more Google Reader like interface, check in this forum, there are lots of CSS snippets going around that try to accomplish that.

And I guess that’s it, ttrss is filling the hole Reader left quite well for me. My workflow hasn’t changed much and the differences might prove to be valuable additions in the future. I’m very curious what kind of plugins the new users create and what more they are going to do with the API. What are you using as a feed reader now?


selfoss: Self hosted alternative to Google Reader

Screenshot of selfoss with the special source to get the full article in the heise feed
Screenshot of selfoss with the special source to get the full article in the heise feed

Update: I switched to Tiny Tiny RSS, which already has far more features I wanted, I also blogged about my experiences.

Since Google Reader announced that it is going down, lots of articles describing alternatives came up. I wanted to host my own RSS-Reader for some time so this was the final reason to do it. Since I couldn’t make Newsblur work on my own host last time I tried it, I tried selfoss which is a great deal easier. Here are my first impressions of selfoss:

  • Nice user interface, even on my android phone.
  • Got keyboard shortcuts very similar to Google Reader.
  • Not only RSS sources but some special sources to get full content of sites that only have a teaser in their RSS feed.
  • The article text is divided into three panes much like a newspaper.
  • Easy to install (only PHP needed, MySQL optionally.)
  • At the moment there is sadly no way to read by feed, only by category or tag. Hope this will be integrated in the future. I would like to be able to have a view just like in Google Reader, where I can view whole categories but also a single feed from the category. But I’m managing by creating categories with only one feed in them.
  • I’m also missing an option to automatically mark an item read when I open it.

So selfoss isn’t a perfect solution for me, but I might try and add some of the missing features myself and I bet after todays news more user will use and therefore enhance it. If you just want to install it on your hoster without MySQL, it is really simple. To let it run in my Ubuntu server I had to enable the rewrite and headers modules and create a cronjob for the updates:

sudo a2enmod headers
sudo a2enmod rewrite
sudo service apache2 restart
sudo echo "*/5 * * * * nobody wget -o /dev/null http://your.domain/selfoss/update" >> /etc/cron.d/selfoss

Update: If you are running on a Debian with default settings or get a 500 server error on other distributions, try to add „AllowOverride All“ in your webserver/vhost config. (source)

I’m running it with MySQL and authentication with this configuration file (config.ini in the selfoss directory):

rss_title=selfoss feed

Changed remote layout for my samsung tv with kodi/xbmc

When you connect the Raspberry Pi with Raspbmc (or OpenELEC or probably any Kodi distribution) to a CEC enabled TV like my Samsung UE40ES6710, it is possible to control it directly with the TV remote without the need for another remote and the quest to find a working IR receiver. Sadly some buttons on the remote were not mapped in a useful way with my TV. For example the exit button quits all menus, while the return button closes only the current one. Those two were switched while using Raspbmc, which is quite confusing and annoying.

You cannot map all keys, because the TV keeps control of some of the keys like volume control or switching source. I put all the keys that I might want to change (and that can be changed) into my config file and set them up or deactivated them. (The red button was always trying to load the PVR addon, which I don’t use at the moment.) The config can be found in ~/.xbmc/userdata/keymaps/remote.xml, which you usually  have to create manually. It overwrites the default config in ~/.xbmc-current/xbmc-bin/share/xbmc/system/keymaps/remote.xml. You can check out the default config for inspiration, but you should only add your changes to ~/.xbmc/userdata/keymaps/remote.xml since they might be overwritten otherwise. There is also a list of actions you can use on the XBMC-wiki.

This is how my config looks like at the moment:

<!-- general key mappings -->

<!-- return -->

<!-- exit -->
<!-- pre-ch -->
<!-- guide -->

<!-- chlist -->


<!-- color keys -->


<!-- keys during video playback -->&nbsp;

<!-- return --><!-- exit -->
<!-- pre-ch -->
<!-- guide -->
<!-- color keys -->


Download remote.xml

I tried to emulate my TVs return/exit behavior with opening the shutdown menu on exit. The important context menu action is on the yellow key (since it is labeled with „C“ on my remote) and I put the info action next to it on the blue button. I also switched some other stuff around, but you don’t need it really. The important buttons you need (which mostly where mapped in the default setting) are cursor keys, ok, back, play/pause/stop and the context menu. Then you should be able to control your XBMC very well, everything else are shortcuts like the info button or the button to toggle if you saw a video already.


Switch from Unity to XFCE

I tried using Unity since Ubuntu removed Gnome2. I don’t like Gnome3 so I stuck with Unity for quite some time, hoping I would get used to it. But I did not and bugs that hide the dock depending on uptime (Bug) really got me over the edge to look elsewhere. (I’m ashamed to admit I rebooted my computer many times before I even took the time to researched it.)

Now I switched to XFCE 4.10 with a gnome-session for keyring and nautilus, which I prefer to Thunar. (This german tutorial was helpful in achieving this.) I added a dock with Avant Window Navigator and changed a few key bindings. Now I’m nearly happy, there seems only one thing missing: I would like to have AWN react to Win+1…9 like the dock does on Unity or Win7.


This is how my left screen looks like. I think optics are nice and it is a useful more traditional setup than the unity stuff.


XMBC in my car

Today I went through my things looking for a device with composite video output, since that is (in 2012!) the input the display in my Seat Altea XL understands. The only and yet so fitting thing I could find was my Raspberry Pi. I installed Raspbmc (an XBMC specially prepared for the Raspi) on an sdcard, plugged the audio and video cables into the car, added power through a 12V adapter in the car and booted away. The result can be seen in the pics at the end. The Raspi doesn’t need much power (~0.7-1.0A), stays cool and has no movable parts, making it perfect for usage in a car. Of course if you don’t connect audio to the car, you can just use headphones instead so you could watch something in the back while listening to music on your cars stereo. (Preferably deactivate sound on the speakers in the back, but that isn’t a problem.) Next thing on my list is a remote. I have a ATI/X10 USB remote lying around somewhere, that is supposed to work out of the box.


100% CPU usage with vdr and epgsearch

A few days ago I noticed that my server is at 100% cpu utilization, caused by vdr. I found out that epgsearch, a plugin to automatically schedule recordings, was at fault. To make a long story short, the solution is quite simple: I accidently removed localhost from the /etc/vdr/svdrphosts.conf, which caused the plugin problems. Simply add to the file and you should be good again. (Thanks to umaier@vdr-portal for the solution!)


My first look at Google Events

I just created an event on Google+, since I invited some people over and I wanted to try test it. First I find it visually really cool, the animated images already there look very nice and you can of course upload your own.

Google wanted to structure „Events“ in three phases. Firstly before the event in the planing stage: Date, place (with integration into calendar and maps of course), RSVP (you can invite people without Google accounts as well) and I guess discussion. It is nothing you couldn’t do via mail, but getting directions with one click and having everybody included into the discussion (nobody forgetting to answer to all recipients) is a nice bonus. All in all, the first part is of course a necessity, but done good.

The second stage is during the event. You can activate „Party mode“ on your smartphone and all your images you shoot during that time are automatically added to the event. I don’t really see the big use in this, I could just upload my photos later. Since everyone who could see the images is at the event, there is no need to look at photos in real time in my opinion… Seems useless to me, but maybe I’m missing something here.

What I liked was the third phase: Afterwards everyone can upload all of his photos to the event and all participants (and only participants in the default setting) can see them together chronologically. Thats a sooo simple but nice thing. Normally if you get photos from friends after an event, they are usually numbered differently to yours, so you would need to (hopefully automatically) rename them into some date-time thing to mix them with yours or just leave them in the separate folder. In Events you can seen them all, but you can also filter by author if you want to see only photos a specific friend made. This is something I look forward to. I just hope there will be a download feature as well, because even though I like to have a few pictures online, I always want to have a copy on my hard drive.

I still have to find out how it works for people without a Google account, but I guess they get an RSVP mail with the details and a link to RSVP. But I think thats a good enough solution.

During the streaming of the Google IO keynote yesterday I thought this is an unnecessary and dumb feature. And maybe it is unnecessary (especially for people like me, where a lot of friends don’t have Google+ accounts or don’t use them), but it is surely not done dumb. Instead Google put some thought into what might be useful and did it in an visually nice way as well. Looking forward to using it for a few occasions. (Videos and more on Googles official Events page)

Android Apps Handy Tablet

Samsungs SmartStay Clone als App


Ich hab eben eine App getestet, die Samsungs Smart Stay nachahmt: ISeeYou. Smart Stay nimmt ein Bild mit der Frontkamera auf und prüft ob ein Gesicht zu sehen ist. Wenn es ein Gesicht findet, bleibt der Bildschirm an, ansonsten geht er nach dem eingestellten Timeout aus. Beim Lesen von E-Mails oder Webseiten, kann es durchaus vorkommen, dass das Display aus geht, obwohl man noch liest, deswegen fide ich Samsungs Idee gut, leider konnte mein Galaxy Nexus das bisher nicht.

Ein erster Test mit der light Version von ISeeYou hat gut geklappt, solange ich auf das Display geschaut hab, ist es an geblieben. Einstellungen gibt es keine, man kann den Hintergrunddienst aktivieren und deaktivieren. Rechte sehen auch OK aus: Nur Zugriff auf die Kamera und Standby ausschalten, das ist natürlich beides essentiell um die Funktion der App zu erfüllen. Internetzugang oder Zugang zur SD-Karte hat die App z.B. nicht, somit sollte das Ausspionieren nicht so leicht möglich sein. Was ich mir noch wünschen würde, wäre dass es nur das Icon in der Benachrichtigungsleiste anzeigt und nicht auch noch einen weiteren Eintrag zum drauf klicken. Das verschwendet mir zu viel Platz und sollte nicht notwendig sein um den Dienst im Hintergrund laufen zu lassen, wenn man schon ein Icon hat.

Bin gespannt ob es sich negativ auf den Akku auswirkt, ich hab den Display-Timeout nun mal auf 15s gestellt und die App aktiviert, subjektive Langzeittests werden vielleicht noch folgen. 🙂