Richard Riley writes: > org-mobile allows you to use some form of encryption when pushing to the > MobileOrg directory. Encrypts and works fine. The issue is that the > mobile app has a password setting to unencrypt but there is no > protection on the app itelf meaning anyone can read the org files from > thje mobileorg app itself kind of defeating the object since dropbox has > its own encrption based on id/pasword anyway. Please explain your threat model :-) Seriously, the fact that the org files are available on the phone does not seem any scarier than one's email being available on the phone. I am boggled that you think anything about dropbox security is ok. In my view, the whole point of org-mobile encryption is to put ciphertext only on the webdav server used to transfer between emacs and phone, so that the webdav server does not need to be trusted for confidentiality. It seems unwise to trust dropbox, given the lack of clarity around access to plaintext by dropbox staff, and encryption lets one comfortably use a shared web server whose admins are not cleared to see the private org data. > I realise I can encrypt > org entries myself (I do) using gpg keys but since there is no built in > gpg decryption facility in mobileorg thats hard work (you need to copy > the encrypted entries to oPenGPG which does feature app pin protection and > holds my secret key (which needs a password too)). > > Is there a way to protect the mobileorg app? Or do I need to manually remove > the password from the mobileorg settings each time? It seems like perhaps you want a phone-wide confidentiality solution.