p≡p for Android

Overview

This section covers the system requirements, feature list, installation guide and user guide of p≡p for Android.

System Requirements

  • Mobile phone or tablet with Android version 5.0 and higher
  • Google Play store or F-Droid
  • E-Mail account accessible through IMAP/SMTP

Feature list

  • Encrypt/decrypt emails and their subjects
  • Untrusted server (save emails encrypted on the server) / Trusted server (save decrypted emails on the server)
  • Compatibility with OpenPGP (exchange messages with OpenPGP users, key server lookup, display fingerprint, blacklist keys, disable subject encryption)
  • Passive Mode (public key only attached if the communication partner uses p≡p)
  • Import Private Key from other p≡p or OpenPGP devices
  • New material design UI
  • Multilanguage support including Trustwords (Catalan, English, French, German, Spanish, Turkish)

Installation of p≡p from Google Play Store

Note

Before you install p≡p on your device, we strongly recommend that you encrypt your device.

The installation is straightforward, asks no questions and requests no information.

Step 1. Go to Google Play or open the Google Play Store app.

Step 2. Search for “pEp” or open the following link https://play.google.com/store/apps/details?id=security.pEp

Step 3. Touch the p≡p app’s price button to install. After a few seconds, the “Open” button appears. When you press it, p≡p opens with the following screen:

_images/pEp4Android-v1.0.200rc1-FirstStart1.jpg

Installation of p≡p from F-Droid

Warning

Before you install p≡p on your device, we strongly recommend that you encrypt your device.

The installation is straightforward, asks no questions and requests no information.

p≡p can be found in the standard F-Droid repository.

Step 1. Open the F-Droid app.

Step 2. Search for “pEp”.

Step 3. Touch the p≡p app’s install button to install.

Step 4. Follow the on-screen instructions. After the installation, you will be able to see the p≡p icon on your screen.

User Guide

First steps in p≡p for Android

In order to use p≡p, you need to set up your email account. As soon as the email account is set up, you can use p≡p without any additional configuration. It is not necessary to change any Android settings for p≡p to work.

At the first start, the app will ask you to grant some permissions:

_images/pEp4Android-v1.0.200rc1-PermissionScreenAfterInstallation.png

The permission to read contacts is used to autofill contacts when writing emails. It’s optional and you can change it anytime. We are not collecting any contacts; everything stays on your device.

_images/pEp4Android-v1.0.200rc1-PermissionContactsAccess.png

The permission to download files simply allows you to save attachments from emails to local storage. It’s optional and you can change it anytime.

_images/pEp4Android-v1.0.200rc1-PermissionFilesAccess.png

The permission to disable battery optimizations makes sure that the Android system will not close the app, so that the app can still receive emails in the background. It’s optional and you can change it anytime.

_images/pEp4Android-v1.0.200rc1-PermissionIgnoreBattery.png

Now, you will need to add your email account(s). In case you have a Google Account, select “Use OAuth 2.0 token”.

_images/pEp4Android-v1.0.200rc1-SetupNewAccount.png

On the next screen you enter the detailed account settings. You should have this information from your email provider or administrator.

IMAP settings

_images/pEp4Android-v1.0.200rc1-screen_imap_settings.png

SMTP settings

_images/pEp4Android-v1.0.200rc1-screen_smtp_settings.png

Account Settings

On this screen you can configure account-specific settings, e.g. how frequently p≡p should poll messages from the server. For more information about the last option “p≡p - Trust server and store mails unprotected”, see Server Trust (store messages securely).

_images/pEp4Android-v1.0.200rc1-SetupAccountSettings.png

Account Name

On the last screen you can set a name for the account (this is how the account will be displayed in your account list) and also enter your own name (displayed on outgoing messages).

_images/pEp4Android-v1.0.200rc1-SetupAccountName.png

After you have entered all your account settings, the p≡p app will generate private keys. After this step you can immediately send and receive encrypted emails.

p≡p for Android users will now see the ‘Privacy Status’ bar displayed on top of opened messages (in this case Gray). Clicking on the p≡p icon in the Privacy Status will provide additional information on the available trust level.

_images/pEp4Android-v1.0.200rc1-MessageViewGray.png

Sending Secure Emails

After a message from another p≡p user is received and you reply to that message, the Privacy Status on the top of the message is yellow. This means that the message will be sent encrypted. The same applies if a user enters an email address for which p≡p automatically finds a public key on the public PGP key server (optional setting). Please note that the very first message between two p≡p users will be sent unencrypted.

_images/pEp4Android-v1.0.200rc1-MessageViewYellow.png

The Handshake

For general information about the handshake, refer to Handshake.

To perform a Handshake, the Handshake dialog can be opened by clicking the Privacy Status. The following window appears:

_images/pEp4Android-v1.0.200rc1-PrivacyStatusSecureYellow.png

You can change the language of the Trustwords by touching the 3 dots in the top right corner. There is a choice of 6 languages: Catalan, German, Spanish, French, Turkish and English.

_images/pEp4Android-v1.0.200rc1-PrivacyStatusHandshakeTrustwordsLanguage.png

Choice of Trustwords languages:

_images/pEp4Android-v1.0.200rc1-PrivacyStatusHandshakeTrustwordsLanguageSelector.png

After selecting Trustwords in Spanish:

_images/pEp4Android-v1.0.200rc1-PrivacyStatusHandshakeTrustwordsLanguageSelectedSpanish.png

In case your communication partner is an OpenPGP user, you can also open the PGP fingerprint:

_images/pEp4Android-v1.0.200rc1-PrivacyStatusHandshakeTrustwordsLanguage.png _images/pEp4Android-v1.0.200rc1-PrivacyStatusHandshakeTrustwordsPGPFingerprint.png

After comparing the Trustwords with the communication partner through a separate channel, select “Confirm Trustwords” if the Trustwords match, or “Wrong Trustwords” if they do not. After you confirm the Trustwords, the Privacy Status changes to Green (Secure & Trusted).

This step is done once with each communication partner and any future communication remains Green (Secure & Trusted).

_images/pEp4Android-v1.0.200rc1-PrivacyStatusSecureGreen.png

Sending a message to multiple people with different Privacy Statuses

When sending a message to more than one person, you simply add the recipients to the message. The Privacy Status bar at the top will show you whether the message will be sent encrypted or not. In the example below you can see that there are 3 recipients. Because only 1 recipient has p≡p or a compatible product installed, the message will be sent unencrypted.

_images/pEp4Android-v1.0.200rc1-MultiplePrivacyStatus.png

Disabling Protection when the communication partner’s Privacy Status is Yellow (Secure) or Green (Secure & Trusted)

When the communication partner’s Privacy Status is Yellow (Secure) or Green (Secure & Trusted), the e-mail will automatically be sent encrypted when the user clicks ‘Send’. If the user would like to disable protection on a case-by-case basis, the user can do so by selecting the ‘Disable Protection’ button in the options of the message.

_images/pEp4Android-v1.0.200rc1-DisableProtection.png

The Privacy Status as well as the rating for a communication partner will change from Yellow (Secure) or Green (Secure & Trusted) to Gray (Unsecure) and the message will be sent unencrypted when the user presses ‘Send’.

_images/pEp4Android-v1.0.200rc1-DisableProtection-Gray.png _images/pEp4Android-v1.0.200rc1-DisableProtection-GrayStatus.png

Key Import

This section explains how key import works in p≡p for Android. Be aware that key import only works when exactly 2 clients with p≡p installed are connected to the email account. If you have 3 or more devices, make sure only two are connected at the same time (e.g. enable Flight Mode).

Also keep in mind that you need to start key import on your new device. E.g. if you already have a computer with p≡p installed and you have just set up a new phone with p≡p, you need to start the key import process on the new device (the phone). This is especially important if you use 3 or more devices with p≡p.

Importing p≡p keys (from another p≡p device)

Follow these steps if you already have another device with p≡p and you want to import the keys from there.

To start a key import process in p≡p for Android, click the hamburger icon on the top left and select the down arrow next to the account name.

_images/pEp4Android-v1.0.200rc1-KeyImport1.png

Then click Manage accounts.

_images/pEp4Android-v1.0.200rc1-KeyImport2.png

The Accounts screen appears:

_images/pEp4Android-v1.0.200rc1-KeyImport3.png

On the Accounts screen, long press on the account for which you want to import a key. When the menu appears, select Key Import and then p≡p Key Import:

_images/pEp4Android-v1.0.200rc1-KeyImport4.png _images/pEp4Android-v1.0.200rc1-KeyImport5.png

The following screen appears. Press Start to start the Key Import.

_images/pEp4Android-v1.0.200rc1-KeyImport6.png

Then, the following screen appears:

_images/pEp4Android-v1.0.200rc1-KeyImport7.png

Open p≡p on the second device. After a minute or two a dialog appears, asking whether a Key Import process should be initiated. Press Start. The second device will immediately show a Handshake dialog. Shortly afterwards, a Handshake dialog will also appear on your first device:

_images/pEp4Android-v1.0.200rc1-KeyImport8.png

Compare the Trustwords between the two devices. If the Trustwords match, click “Confirm Trustwords” on both devices. The following screen appears:

_images/pEp4Android-v1.0.200rc1-KeyImport9.png

p≡p is now importing the secret key from the other device and setting it as the default key to use. Shortly afterwards, a confirmation will appear on both devices:

_images/pEp4Android-v1.0.200rc1-KeyImport10.png

Importing key from local file system

It is also possible to import your PGP keys from the local file system on your Android device. Keys with a passphrase are currently not supported. The passphrase must be removed before the import process is started.

First you need to load your private key to the local file system of your phone. Refer to the manual of your phone manufacturer on how to do this.

Then click the hamburger icon on the top left and select the down arrow next to the account name.

_images/pEp4Android-v1.0.200-PGP-KeyImport1.png

Then click Manage accounts.

_images/pEp4Android-v1.0.200-PGP-KeyImport2.png

On the Accounts screen, long press on the account for which you want to import a key. When the menu appears, select Key Import -> PGP Key Import -> PGP Key import from filesystem:

_images/pEp4Android-v1.0.200-PGP-KeyImport4.png _images/pEp4Android-v1.0.212-PGP-KeyImport5.png _images/pEp4Android-v1.0.212-FS-KeyImport6.png

To make sure the correct key is going to be imported, enter the Key ID (e.g. “DDC36BDA”) or Fingerprint (e.g. “2035 8EB7 96BE D71F CE2C 3EBF A77A 52CE 41E6 EA5E”) of the key that you want to import. Then click “Select and import key”.

_images/pEp4Android-v1.0.212-FS-KeyImport8.png

Then browse to the directory where you saved your key and select it.

_images/pEp4Android-v1.0.212-FS-KeyImport9.png

The key will now be imported.

_images/pEp4Android-v1.0.212-FS-KeyImport10.png

After the import, the following message appears:

_images/pEp4Android-v1.0.212-FS-KeyImport11.png
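
The Key ID or Fingerprint entered in the file-system import above identifies the key with very different strength. The following Python example is added here (it is not code from p≡p or from this guide) and shows how a selector can be matched against the keys in a file and why an ambiguous match should be refused. The function names and the second fingerprint are constructed for illustration, and it assumes OpenPGP v4 keys, where the Key ID is the trailing 8 or 16 hex digits of the fingerprint.

```python
import re

# Fingerprint taken from the guide's example; the second one is constructed
# so that both keys share the same 32-bit short Key ID.
GUIDE_FPR = "2035 8EB7 96BE D71F CE2C 3EBF A77A 52CE 41E6 EA5E"
CONSTRUCTED_FPR = "0123 4567 89AB CDEF 0123 4567 89AB CDEF 41E6 EA5E"


def normalize(selector: str) -> str:
    """Strip spaces, colons and an optional 0x prefix; return upper-case hex."""
    s = re.sub(r"[\s:]", "", selector).upper()
    if s.startswith("0X"):
        s = s[2:]
    if not re.fullmatch(r"[0-9A-F]+", s):
        raise ValueError(f"not a hex Key ID or fingerprint: {selector!r}")
    return s


def classify(selector: str) -> str:
    """Name the selector kind by its length in hex digits (OpenPGP v4 keys)."""
    kinds = {8: "short-key-id", 16: "long-key-id", 40: "fingerprint"}
    n = len(normalize(selector))
    if n not in kinds:
        raise ValueError(f"unexpected selector length: {n} hex digits")
    return kinds[n]


def select_key(selector: str, fingerprints: list[str]) -> str:
    """Return the single fingerprint the selector identifies.

    A v4 Key ID is the trailing part of the fingerprint, so matching is a
    suffix comparison. More than one match means the selector is ambiguous
    and the import should not proceed on that basis.
    """
    classify(selector)  # rejects malformed lengths
    wanted = normalize(selector)
    matches = [f for f in map(normalize, fingerprints) if f.endswith(wanted)]
    if not matches:
        raise LookupError("no key in the file matches the selector")
    if len(matches) > 1:
        raise LookupError(f"selector is ambiguous: {len(matches)} keys match")
    return matches[0]


if __name__ == "__main__":
    keys = [GUIDE_FPR, CONSTRUCTED_FPR]
    print(select_key(GUIDE_FPR, keys))          # full fingerprint: unique
    try:
        select_key("41E6EA5E", keys)            # short Key ID: two candidates
    except LookupError as exc:
        print("refused:", exc)
```

An 8-digit Key ID covers only 32 bits of the fingerprint, so entering the full fingerprint is the more reliable way to confirm that the intended key is the one being imported.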

Importing PGP keys from another PGP client

Once you initiate and successfully complete a PGP key import in p≡p for Android, the device-generated key is replaced by the newly imported PGP key, which is then used by default to encrypt all outgoing emails. Keys with a passphrase are currently not supported. The passphrase must be removed before the import process is started.

To start a PGP key import process in p≡p for Android, click the hamburger icon on the top left and select the down arrow next to the account name.

_images/pEp4Android-v1.0.200-PGP-KeyImport1.png

Then click Manage accounts.

_images/pEp4Android-v1.0.200-PGP-KeyImport2.png

On the Accounts screen, long press on the account for which you want to import a key. When the menu appears, select Key Import -> PGP Key Import -> PGP Key import wizard:

_images/pEp4Android-v1.0.200-PGP-KeyImport4.png _images/pEp4Android-v1.0.212-PGP-KeyImport5.png _images/pEp4Android-v1.0.212-FS-KeyImport6.png

The following screen appears. Press Start to start the PGP Key Import.

_images/pEp4Android-v1.0.200-PGP-KeyImport6.png

The following screen appears on p≡p for Android:

_images/pEp4Android-v1.0.200-PGP-KeyImport7.png

Now go to the OpenPGP client from which you want to import the key. After a minute or two you’ll receive an email from your p≡p for Android with the PGP public key attached. Import this public key. Then, on the OpenPGP device, compose a new message. Attach the public key part of the key you want to import to this message. Send it and make sure the message is signed and encrypted with the key you imported from your p≡p device (for example in Enigmail, you can select additional encryption keys if you go to the Enigmail Preferences and in “Key Selection” you enable “Always (also) manually”; for details see https://www.enigmail.net/documentation/Configuration).

The device with p≡p for Android will show a Handshake dialog.

_images/pEp4Android-v1.0.200-PGP-KeyImport8.png

Compare the PGP fingerprints between the two devices. If the PGP fingerprints match, click “Accept” on p≡p for Android. The following screen appears:

_images/pEp4Android-v1.0.200-PGP-KeyImport9.png

Now go back to your OpenPGP client. Compose a new message and attach the private key you want to import. Send it and make sure the message is signed and encrypted with the key you imported from your p≡p device.

Shortly afterwards you will see the following dialog on p≡p for Android. It shows the fingerprint of the key you want to import. Click “Accept” to import the key.

_images/pEp4Android-v1.0.200-PGP-KeyImport10.png

After the key has been imported successfully, the following message appears.

_images/pEp4Android-v1.0.200-PGP-KeyImport11.png

p≡p will now use the imported key as the new default key.

p≡p for Android Options

This section covers all available options related to p≡p email encryption/decryption in p≡p for Android. These options can be opened by clicking the three dots on the top right while you are in a folder and then selecting Settings -> “Global Settings” or “Account Settings” -> p≡p.

_images/pEp4Android-v1.0.200rc1-Settings.png

Settings - Global Settings

Global settings are used for all accounts in the app:

_images/pEp4Android-v1.0.200rc1-AccountSettingspEpMenu.png

Global

Passive mode

By default, p≡p for Android attaches your public key to every outgoing email. When passive mode is enabled, p≡p doesn’t attach a public key to outgoing messages unless the communication partner uses p≡p. If you already have a public key from your communication partner, p≡p will encrypt your emails by default. For more details see Passive Mode.

Unsecure reply warning

Defines whether a warning message should be shown when a formerly encrypted message is forwarded or replied to without protection. For more details see Show a warning when a message loses security through reply or forward.

OpenPGP Compatibility

Look up keys on key server

This option enables p≡p to look up the public key of the recipient on the public key server hkp://keys.gnupg.net/ before sending an email to the communication partner. If the email address of the recipient exists on the keyserver, then p≡p will use the public key to encrypt the email for the recipient. (The Web interface to upload a new OpenPGP key to the keyserver is available here: <http://keys.gnupg.net:11371>). This option is not enabled by default, because it comes with certain risks, e.g. using a key to encrypt a message, while the recipient might no longer have the private key available.

Unprotected message subjects

The user can choose whether the subject of a message should be protected/encrypted. If the subject is encrypted, the users of other OpenPGP clients will then only see the subject “pEp” instead of the original subject. The actual subject is displayed in the first line of the body for plain text messages. For HTML messages, the subject is not visible. Subject Encryption is enabled by default.

Blacklist

If the user does not wish to use a key of a PGP communication partner anymore, then the user can enter the fingerprint of the key and add it to the blacklist. Please note that this affects only PGP contacts; p≡p users won’t be affected by this blacklist.

_images/pEp4Android-v1.0.200rc1-GlobalSettingsBlacklist.png

Settings - Account Settings

Account settings can be configured for each account individually:

_images/pEp4Android-v1.0.200rc1-AccountSettingspEpMenu.png

p≡p privacy protection

Enable p≡p privacy protection for this account. When you disable this feature, none of the p≡p features will work for the selected account.

Store messages securely

Store server side e-mails protected (encrypted with own private key). When you disable this feature, p≡p will trust the server and keep all your emails stored on the server unencrypted.

Extra Key Management

All outgoing messages are additionally encrypted with those keys defined in the extra keys list. All incoming messages are re-encrypted with the defined keys. Refer to Extra Keys for more details.