I'm also on macOS + iOS duet and am using Proton Unlimited. It comes with a password manager. Excellently done. It's quite pricey, but definitely worth every cent spent.
Tavis Ormandy (former Google Project Zero member)
The purpose of sandboxing is to isolate potentially compromised components from each other.
How important do you think it is that KeePassXC operates outside the sandbox in the situation presented above?
If you can, please direct me to a place where I can study situations where the absence of sandboxing does not affect password compromise.
Unfortunately my knowledge is not enough to do it myself because I can find answers, but I'm not sure of the authority of the source.
Basically I'd like to model a situation where we choose between sandboxing and not fully open source or no sandboxing, battle tests and open source.
By the way, is Strongbox battle tested and audited?
I think they both are.
Ideally everything in a system that can be sandboxed should be sandboxed, but your password manager is one of your most trusted applications anyway. If there's an application that I'd trust to run unrestricted, it would be the password manager.
I think that you can't really go wrong with either, and since they use the same vault file format what you could do is try out both and see which one you prefer.
I've been meaning to revisit Strongbox myself, I might post a review later this week.
The good thing about Strongbox is that you can have Latin characters for your password. It makes it even more secure and is definitely overkill but it's cool to have unusual characters in your password.
The sandbox protects other apps and your system from your password manager there. Like in the event of an exploit, it would protect you. It doesn't protect against malicious developers bc they could just turn the sandbox off in a future update. The sandbox doesn't protect the password manager from outside threats, it's only protecting stuff on the outside from what's inside the sandbox. So in the case of an offline password manager it's not so necessary but also confusing why they don't have it.
The stated threat model is
App Sandbox - a requirement for distributing your app on the App Store - limits the scope for an attacker to abuse platform features via your app.
One nice feature is that a sandboxed app has access to a container that only it has read/write access to, but it's up to the app to use that. Also more important is whether it uses the OS keystore to protect your vault.
Also worth noting that if you install apps from the App Store you get some protection against the devs disabling the sandbox since Apple enforces it.