I'll try explaining this at a high level. I am not giving out real, usable hacks or code.
K8y I don't understand the distinction between app launcher, database and app?
Context:
- On GOS, there are protections to stop 1 app from accessing the files of another app. Every app you install has limited power
- The system and system apps have more authority or access.
- Keep it mind: when the phone boots up or restarts and it hasn't been unlocked yet (called "BFU"), every app and file is encrypted--unreadable & cannot be opened.
Anyway, let's pretend a virus got around several protective walls and the phone is hacked--each wall being a new, difficult puzzle to solve.
Database:
(A file like a picture or Microsoft Word file)
Your messages could be in a file like this (called "plaintext"):
Hi Matt 09:00 1/2/23
Hi 09:01 1/2/23
Or the database file could be encrypted and look like this:
xeknKh8w.E79\F-Br|1:&#Q4w9=f!HjBGF3.dI,O(
p$@.PbL*7OvB~;X|Rp$(ai,;jOY
You'd need the secret key to change the encrypted file back into the plaintext, readable file.
There isn't a way around getting into the encrypted database without some weakness in how the key is stored and you have to trust molly or whatever app it is. This is why trusting vibe coded apps (AI created) can be dangerous with privileged access or information--it's likely incorrect/weak.
Launcher App (AKA Home App)
It sounds like you changed this from the default over at:
Settings > apps > default apps > home app
When you first unlock your phone and see the "desktop," everything you see is the launcher app except for the top status bar and the very bottom. It is an app showing the background wallpaper, widgets, app icons, and the app drawer.
Naturally, any app is capable of password protecting a button inside of itself. Likewise, the launcher app can password protect the app icons on your phone's desktop so people cannot open it without the password.
On a related note, you are probably familiar with a desktop PC and seeing the chrome or Excel icon on the PC's desktop. This icon is not the actual app with all of its code, it is just a shortcut to the real app's location. So, while you could password protect the desktop icon to prevent access, there could be other ways to access the app on your PC. (e.g. go to My computer > C Drive > program files > google > chrome and open the app)
On your phone, your launcher app's logic for password protecting the app icon could be like this:
person taps on app > ask for password > Success > run(app)
However, a virus could just simply execute this command 'run(app)`
No password needed.
Remember that all user installed apps have limited power and access. The Launcher app is not a system app.
Locking a file on your windows PC is different than what I explained above. Locking a file on a PC is integrated deep in the system. It is harder to get around. (Keep in mind that an admin account can remove the lock and view the file)
App
Let's say you install an app and inside of the settings for it you can set a password that is prompted everytime you open the app--great!
However, maybe the coding of this is weak/poor or maybe all it does is it won't open the app without the password.
The database and files could still be readable or in plaintext. So, I do not need to open the app. I simply go to the location of the message database and view or copy that file. The same way I could go to My documents and copy all of my financial documents--I don't need microsoft Word.
Lastly, it is so much easier to do what I just explained above isntead of a virus opening an app and "clicking" buttons and scrolling around to view your messages.
This is because:
- It is very fast to simply copy a database file and have everything than scroll through text conversations for hours.
- Different phone models have different screen sizes. The pixels could be: 1080 x 2400, 1240 x 1900, etc. So, I need to naviage this app and if I program my virus to click at the x,y coordinates 50,75, it could be correct for some phones but far off for other phones)
- People can set their zoom or text size differently which would affect point #2.
- Apps can update and move buttons around--I need to update my virus everytime.
- It is intensive not only on time but also processing speed from the phone to do OCR on the messages inside of your app that you see as you scroll through your message history. (OCR is taking in a picture and analyzing everything pixel to see if letters exist then write those down) Also, it'd make the virus about 50x bigger to include all of the code for OCR--not that great or hidden.
You don't need to worry about being hacked if all you're doing is messaging people about interests, photos, and activities. Heck, everyday hundreds-of-thousands of criminals are documenting their activities over signal scott-free. If you're a journalist documenting government activities then hire a professional.
Of course with anything, if I mentioned that something can't happen, it can eventually if you don't update. That is why there are security updates to stay safe.