Until recently, mobile platforms were not capable of doing the on-device encryption necessary for SpiderOak's No Knowledge implementation. In order to provide mobile functionality at all, with minimal exposure, SpiderOak implemented a special server. This server receives the user's login credentials from our mobile applications and does the "No-Knowledge" computation there, exchanging plain-text versions of your stored content with your mobile device.
- The server, and our mobile application's communication with it, are arranged to be as secure as possible:
- SpiderOak's servers support the latest TLS (https) communication protocol.
- Your password exists in the SpiderOak server's memory only for the duration of your browsing session.
- During that time, your password is stored in encrypted memory and is never written to an unencrypted disk, drastically reducing the possibility that server intrusion or staff access would expose your content or credentials.
- The moment your browsing session ends, your password is destroyed and no further trace remains.
- Access to the server is highly restricted to a few selected SpiderOak personnel.
- Despite these precautions, we want to be clear that the server is used by our mobile (and web) applications, which means that your credentials and unencrypted content will travel beyond your device. For complete "Zero-Knowledge," only access your account from your main devices.
- Android: a double click of the back button will exit the app.
- iOS: the app may be closed by swiping up from the iOS menu.
- Both: Settings > Logout
Recents and favorites are removed on logout, so details specific to logged-in activity are not leaked to the unauthenticated session.
STAY LOGGED IN
With this menu item selected, you will not be logged out by any method except by going to Settings > Logout. We strongly recommend setting a passcode if you select this option.
Any account can have a distinct, four-digit passcode and passcode timeout. Those choices are local to the mobile device where you set them - they are set independently on different mobile devices. At various moments in application operation, in order to easily authenticate the user, the application challenges the user to enter the passcode.
Those moments are: - Return the application after switching to another one, if the amount of time away has been longer than the selected passcode timeout Access to most actions that change the passcode.Upon changing the passcode, reentering the new one to confirm that what was entered is what was intended. - When the passcode challenge is being used to protect access to a logged in account upon return to the app, the passcode can be bypassed by tapping an X in the upper right of the challenge screen. - Upon confirming the bypass the application will logout of the current account and the user will be returned to the application login screen. - Any time that the user attempts to satisfy a passcode challenge and fails, they are presented with a notice of the number of immediately successive failure and that the limit is 5. After five successive failures the application logs out of the current account and returns to the login screen, as with passcode bypass, above. - Whenever the challenge is bypassed, the next time that the account is logged in on that device, the user will be notified that they had been logged out due to passcode challenge bypass. They will then be offered the choice of retaining or abandoning their current passcode. - The settings screen has an entry for the account passcode when the account is logged in. The entry indicates whether or not the current account has an assigned passcode. - If the account does not have an assigned passcode, then selecting the item prompts for the passcode and confirmation. If they're identical, then the user is returned to the main settings screen with the passcode indicated active. - If the account does have an assigned passcode, then selecting the item prompts the user for the current passcode. If the correct passcode is entered, the user is brought to the passcode details screen.
Often hidden under the left side of the main page is a menu of top-level sections, called the Menu Sheet. The main page slides right to reveal it when you hit the action bar "back" button from the top of one of the sections, or when you apply a swipe-right gesture to the action bar.
The menu sheet is covered by the main page sliding left, when you select one of the menu sheet items, or tap a blank spot on the visible parts of the main page.
The contents of the menu sheet vary depending on whether or not you are logged in. When logged-in, it includes these items that are not present when not logged-in:
- Groups Hive item
- Devices section
When not logged-in, the menu sheet includes the above, but with the addition of a Login item. In both situations, there is a Sections part with these items:
- About SpiderOak
Below the Groups Hive entry in the Menu Sheet is a list of devices registered for your account. The device entries include the respective logos of the device's operating system.
Tapping then entry for a device closes the menu sheet and places you in a view of the files and folders at the device's top level. You can perform all the Content Navigation and Content Handling on the contents.
ShareRooms SpiderOak user can select backed-up folders for other users to access via ShareRooms.
Each SpiderOak account has a selected Share ID, which is associated with every ShareRoom created in the account. Each ShareRoom has a distinct Room Key. People obtain access to each Share Room using its unique Share ID and Room Key.
ShareRooms can optionally have their own passwords, required for access to the contents of the ShareRoom.
The comprehensive list of ShareRooms associated with a SpiderOak account is available only to users logged in to the account. That way they can choose to whom they reveal the the details - Share ID and unique Room Key, as well as optional password - of the individual ShareRooms.
When logged in to an account, the application's ShareRooms section is divided into two subsections:
- "My ShareRooms", with the list of ShareRooms associated with the account.
- "Public ShareRooms", with the list of any ShareRooms that the user has explicitly elected to visit with the app. When not logged in, the ShareRooms section only shows the "Public ShareRooms" subsection.
The Favorites section contains a list of files that have been registered for it using the Add to Favorites action, or by tapping on an empty star on the right side of all file item entries.
Stars of files that are currently registered as favorites are filled with orange. Tapping on the star of registered favorites, or selecting the Remove from Favorites action, deregisters them, removing the stars orange coloring.
When files are registered as favorites, a copy of their entry is included in the Favorites section. Their content is stored locally on the mobile device so it is immediately accessible when the file is viewed or shared. Because the content is locally stored, a favorited file's content is also accessible when the device is offline.
Unlike Recents, Favorite status lasts across sessions, until the user deliberately deregisters them. However, favorites are associated with the current account, and the list is cleared when the user logs out.
The first time in the use of the app that you select an item as a favorite, you are presented with a dialog explaining that the content will be downloaded, and asked for confirmation. If you accept, that dialog will not be presented to you again, and the item gets favorite status. If you refuse, then the item will not get favorite status, and you will be presented with the confirmation dialog next time you initiate marking an item as a favorite.
Any time that you tap the star of a file already registered as a favorite, you will be prompted to confirm that you want to unregister the favorite status.
You can use the recent entries to return to files that you have taken actions on during the current app session. The accumulated recents list is maintained only until the end of the session, until the current account is logged out, or until the user manually clears the list.
Currently, you are unable to upload documents using the Mobile Application. We are working on including this feature in a future release.