Greetings, everyone. I apologize for the long, empty silence. Due to many factors outside of my control, I’ve had very little time to devote to Cryptnos development or this site in recent years. Some of those reasons are personal, some professional, but all have reduced any “recreational” software development time I’ve had to virtually non-existent. Life is frequently filled with the need to set priorities, and while work on this project has always been entertaining and rewarding, my family, professional career, and commitments to pre-existing projects have always come first.
In light of this, I’m afraid I must formally announce the end-of-life and end of support for Cryptnos for Android. Recent changes in the Google Play store now require Android apps to target Android 9 (API level 28) or higher. Previously, this requirement was set for all new apps and updates to existing apps, but Google is now pressing for all apps, both old and new, to upgrade by November 1, 2019 or face delisting. The reasons behind this decision are actually very sound: API level 28 and above have a number of important security enhancements to protect Android users, and apps targeted at lower versions lack these protections and thus pose a potential security risk.
Cryptnos was intentionally targeted at a lower API level (currently 11) for compatibility reasons, to make it available to the widest possible audience. At the time, the Android ecosystem was heavily fragmented, with many older devices still in use with no suitable upgrade path besides buying a new device (an option that was not always available in certain locations). While we’ve occasionally pushed out an update here and there to deal with earlier minimum API requirements, this time it just won’t be feasible for us to upgrade within the specified time frame. The Android development chain has changed vastly since the last time I opened the source: the IDE has migrated from Eclipse to Android Studio, the API has been revamped numerous times, and how devices deal with physical factors such as screen size and orientation have changed dramatically. For me to upgrade Cryptnos to meet this requirement will require a major migration process and thorough code review, if not a significant rewrite, none of which I have time to address before the deadline.
So what does this mean for you? Here are few options for you to consider:
- If you currently have Cryptnos installed on your Android device, it should continue to work. Google has not said anything about removing existing installs that do not meet the new API requirements. Recent versions of Android (9 (Pie) or higher) may issue a warning the first time you open the app, informing you that Cryptnos is not optimized for your version of Android. This warning is a good precaution but can be safely ignored, at least with Cryptnos; the app should still work just fine. That said, we will not be issuing any further updates via the Play store, and if you upgrade to a new device, Google Play is not obligated to reinstall it during the automatic migration process. You may want to consider migrating to a new Android-based password management tool now before Cryptnos disappears.
- If you wish to continue using Cryptnos after it is removed from the Play store, such as reinstalling it on a new device, you should be able to “side load” the APK by downloading it from this site and installing the app manually. There are notes on the main Cryptnos for Android page on how to do this. Note that “side loading” apps is generally not recommended as it introduces possible security risks. There is also the possibility that Android may, in the future, prevent the manual installation of apps that don’t meet a minimum API requirement. Google hasn’t threatened this (yet), but it remains a possibility.
- If you are not a current Cryptnos user but have been considering giving it a try, we sadly suggest you look elsewhere. Check out our recommendations below for alternatives.
As always, we strongly recommend that you use Cryptnos’ export feature to back up your password list no matter what. Export files generated by Cryptnos for Android are 100% compatible with Cryptnos for Windows, so you should have a means for accessing those passwords later so long as you (1) back up your password parameters regularly and (2) have access to a Windows computer with the .NET Framework installed. (Cryptnos may work on other platforms such as Mac or Linux using third-party .NET Framework clones such as Mono, but this is not officially supported at this time.)
As for an alternative, my main recommendation would be LastPass. While I still use Cryptnos personally, LastPass is highly recommended by a number of sources I trust, and my wife uses it regularly herself, so I have some familiarity with it. (I tried to turn her into a Cryptnos convert, but alas I wasn’t able to convince her.) LastPass has a powerful Web-based interface, as well as plugins for most browsers and apps on both Android and iOS. Migrating from Cryptnos to LastPass should be fairly simple, although we recommend you do so on a computer rather than on your mobile device, just to make things easier:
- First and foremost, back up your Cryptnos password parameters by exporting them to a file.
- If you haven’t installed Cryptnos for Windows, do so now and import your exported parameters into it.
- Set up your LastPass account and log into it using your favorite Web browser.
- For each Cryptnos password, use Cryptnos and your master password to generate your final password, and either manually copy it to the system clipboard or turn on the Copy password to clipboard option to do so automatically. Then use the LastPass interface to set up a new entry for that password, copying it into the password field.
- Install the LastPass app on your mobile device. Since your passwords are encrypted and stored in “the cloud”, they should sync to your device and be readily available.
If you chose not to use LastPass, make sure to thoroughly and careful vet any other password manager before committing to it. There are a lot of “password managers” in the Google Play store, but not all of them are trustworthy. Stick to an app with a high rating from a large number of users, or one that has been recommended by a reliable third-party source.
As another alternative, you can always use Cryptnos Online in your favorite mobile browser. Note, however, that you will lose the ability to save your parameters and will have to re-enter them each time you need to regenerate a password. (I know how annoying this can be, as I’ve had to do this periodically when needing one of my passwords on the occasional iOS device.)
For the time being, I will be keeping the Cryptnos for Android APK available here on the site for anyone to download. There is also the Cryptnos for Android GitHub source repository, where the source code will remain available for anyone who wishes to look at it or even fork it. If you are an aspiring Android developer (and a masochistic glutton for punishment), I wouldn’t mind if you want to fork it, update it, and republish the app yourself. That said, bear in mind that you cannot publish it as an “upgrade” to the existing app, as all Play Store APKs are signed and we will not be sharing our signing key. I also ask any forks be released under a different name (i.e., do not call your app “Cryptnos” or any variation thereof) and that you be upfront and honest that your version is an unofficial, unendorsed fork. (I will not “bless” any derivative versions, especially if I cannot review the code.)
Cryptnos for Windows and Cryptnos Online are, for now, staying right where they are. Unfortunately, I can’t speak to any future updates to either one (see the first paragraph above), but unlike the Android app, I don’t have any external requirements forcing my hand.
To everyone who has ever installed my little app—especially those who have stuck with it all this time, despite my silence—I sincerely thank you for your support. Whatever you chose to do, please continue to use a powerful, trusted password manager, as well as promote the use of such tools to your friends, family, and peers. Until true passwordless alternatives for authentication become mainstream (and some are on their way), a good password manager (plus two-factor authentication) is your best defense against hacking and identity theft.
Think smart and stay safe, everyone.