Andymase Posted January 26, 2018 Report Share Posted January 26, 2018 Hello there I'd like to share something very scary that happened to me a few days ago. I searched for Enpass on the Google Play Store and downloaded the app without checking it thoroughly. The app installed, and looked like Enpass, the only difference was the icon: instead of the usual keyhole in a blue circle, it looked like a pile of sheets with a keyhole in the middle. I launched it and it asked me whether I wanted to type in new data or restore previous data from the cloud. I chose to restore the data from Dropbox (I'm already using Enpass on other devices) and the app tried to connect with no success. It said it was impossible to connect and to try later. I tried a few days in a row, getting always the same result. Today I tried again and this time a message in a window popped up, saying that "probably an app on my phone was trying to connect to Dropbox in a fraudulent way and that Dropbox refused the connection". I panicked and uninstalled the app, going back to the Play Store to check for it. The app was not there anymore, and I downloaded what looks like the real Enpass. Now I'm scared to death. What if this fake app actually connected to my Dropbox and download the stored passwords? Many thanks for any suggestion. Andrea Link to comment Share on other sites More sharing options...
Ivarson Posted January 26, 2018 Report Share Posted January 26, 2018 If you didn't enter your masterpassword, the passwords isn't readable, even if the wallet was downloaded and passed to a third party. You should probably check https://www.dropbox.com/account/security to review past events Link to comment Share on other sites More sharing options...
Andymase Posted January 26, 2018 Author Report Share Posted January 26, 2018 The fact is that I did enter the masterpassword since it's required to sync with the Dropbox backup file and the app appeared legit. I still hope that was just an old legit Enpass version the developer left on the Play Store side by side with the current version. Link to comment Share on other sites More sharing options...
Gwen Prill Posted January 27, 2018 Report Share Posted January 27, 2018 You better change your master password right away just in case. Link to comment Share on other sites More sharing options...
Guest Akash Vyas Posted January 29, 2018 Report Share Posted January 29, 2018 Hey @Andymase We absolutely understand your concern for the safety of your data and we're here to help you with it. Actually, the icon you described for the app resembles an older version of Enpass. It might be possible that you installed the older version from your own Apps library (history). We've replaced in on the Play Store long back with the newer version and searching for Enpass must not show two different versions. Just to verify this, check the attached screenshot and let me know if this is the same app that you installed. Also, please log in to the Play Store on a desktop browser and navigate to My Apps (Installed history) and look up for the version of Enpass you installed. Further, you mentioned that 'The fact is that I did enter the master password since it's required to sync with the Dropbox backup file and the app appeared legit.' Here I would like to know if you are using Enpass 5.0 or later versions on your devices (with the Dropbox sync enabled) as after entering the master password, Enpass should directly sync with Dropbox and as you mentioned you got the error "it was impossible to connect and to try later", this means that the version is no longer compatible to be synced. Waiting for your reply! Link to comment Share on other sites More sharing options...
Recommended Posts