On-device encryption at rest

[philmui]

Feature: encrypt data stored on device with a device-specific key that is non-trivial to decrypt (e.g., key > 2048 bit).

Why: for rooted devices, it is imperative to prevent other apps to access Safe Paths data.

[tremblerz]

Thanks for bringing it up. This is a highly needed feature from safety perspective. Do you mind opening this issue on the Safe-paths repository?

[penrods]

Protection of individual data is very important. The system provided here is not intended to be a complete solution -- data storage by a specific Healthcare Agency should abide by all the norms associated with the kind of private data which is collected by a contact tracer. Within healthcare organizations this is often protected by hardware encryption and/or a backend which implements the Safe Places API. The default implementation shown here is not about that stage, it is about the raw data which the healthcare system needs to be able to access during this trusted interview process.