Comment Re:But Android is Linux! (Score 2) 277
Except that the app isn't open source. If it was someone probably would have spotted this sooner. So if anything this highlights the danger of using closed source anything crypto related. Sure OSS stuff might have problems, very very clever people might be able to insert back doors and weaken algorithms in ways others might not see, and any software can have subtle bugs, but at least very basic FRAUD as in it does not even attempt to do what it claims would get spotted.
That and the authors probably never would have published the code because lets face it; in 2015 if you know what a bitwise operation is and how to use XOR you know while it might be useful in the act encrypting plain texts it does not itself provide encryption if you just use some static byte over and over again. Shame is a powerful tool, really all of society rests on shame and seeking to avoid it at some level.
The second lesson here is that the app store tramp stamp does not mean you are dealing with quality software, anymore than the old winlogo program ever did. At most it means some basic user interface level QA testing happened. Probably not much better than "we ran the app it appeared upon cursor inspection to have done something that could be similar to what is claimed, it did not crash, and did not display a goatse.cx page." They don't dig into the detail. If something says it encrypts documents, and they don't open when "encrypted" and do open when "decrypted" that is all it takes to pass this level of testing.
Just because you paid for it and got it from an app store does not make trust worthy.