How We Built A Breezy Password Manager And Brought It Up To A Digital ID Manager On Steroids

Description

Pocket Safe and Truster are two sibling password manager apps. While created to solve the same problem — storing sensitive data on a smartphone — they differ in terms of functionality and scope.

Pocket Safe

Pocket Safe is a basic password manager that helps people log in to their favorite services using a Master Password.

Tech stack

Node.js, Express, MySQL, Mailgun, JWT Auth, REST API, Swift

Our role

UX/UI Design, Mobile Development, Backend, QA

Truster

Truster, the next iteration of Pocket Safe, is a sophisticated data storage vault that people can trust with their most confidential information, such as credit cards, private notes, and personal IDs.

Tech stack

Backend: TypeScript v.3.7.4, VSCode v.1.50.1, JetBrains WebStorm 2020.2.3, JetBrains DataGrip 2020.2.3, HeidiSQL 11.0.5919
Frontend: NestJS (Node.js/Express), TypeORM, Docker
Database: Postgres 12.2

Our role

UX/UI Design, Mobile Development, Backend, QA

The Retrospective

The founder first approached us in March 2020 with an idea to create an uncluttered password manager app for logging into websites with a single sign-on solution. We created the MVP that was later released under the name Pocket Safe.
The app was well-received by the public, so it was decided to further develop the project — this time with wider functionality and even more advanced encryption algorithms. Truster — for that was the name of the second MVP — was supposed to be extra-secure to allow users to store such sensitive data as credit card details, documents, etc.

Pocket Safe

iteration 1

Description

First, the team was summoned to create an uncluttered password manager mobile application for logging into various websites.

Our devs were challenged to architect the UX and fill it with UI elements according to the Apple guidelines, connect the frontend and the backend, test the thing, and deliver it to the client market-ready.

The Solution

We created an app that grants access to multiple passwords under an extra-secure Master Password. We developed a minimalistic UX/UI to avert unnecessary user actions. To protect the data, the app communicates with the database through a secure REST API.

Functionality

The library of the most popular services was preinstalled for a comfier search.
For extra security, we enabled a 4-digit PIN code lock and an auto-lock timer. The latter blocks the app after a specified period of inactivity.
We implemented in-app subscription purchase with a 3-day free trial.
Users can auto-login to their favorite websites, change passwords right from the app, organize them into groups, and share account access with multiple people.

Results

The end product is a straightforward mobile solution that increases productivity and decreases the likelihood of password-related breaches.
Pocket Safe is translated into 32 languages and currently available in Europe, Asia, and the Middle East.
In just a month, we managed to build the app from scratch — on time, on budget.

Truster

iteration 2

Description

After the success of Pocket Safe, the founder reached out to us again, this time to create an extra-secure password manager to promote in the US market.

Unlike basic analogs, Truster had to be secure enough to store not just the website login information but also credit card data, personal documentation, and notes.

The biggest challenge was to sync complex encryption solutions with the backend while complying with the legal requirements associated with data storage. The project required a branched internal logic and a legal research job, including GDPR compliance.

The Solution

We took into account the experience of creating a basic password manager to design a more complex application for storing data that needs special protection.

Functionality

The ability to sync and access data across devices.
The app stores items in categories: website login credentials, bank card details, personal documents (passport, driver's license, etc.), and secure notes.
Users can create multiple accounts on the same device.
Additional functionality upon paid subscription: instant login with Face ID, Touch ID, or PIN code, an ad blocker, a password generator, and unlimited data storage.
The ability to share items with teammates and family members.
The app works in offline mode. All data that was created on other devices in offline mode will be pulled to the account immediately upon login.

Encryption

The password is used only to obtain an encryption key. It is also not transmitted to the server and is stored on the device in encrypted form.
We used the AES-256 block cipher, a symmetric-key algorithm: a single secret key both encrypts and decrypts the information.
All data is transferred via the TLS/SSL secure protocol.
The password is not stored either on the server or on devices. All the records are encrypted and decrypted on the user's device. Neither decrypted data nor even the encryption keys can be accessed — this information belongs only to the user.
The data is backed by an extra-secure Master Password.

This set of measures reduces the likelihood of unauthorized access to zero, even if the phone is lost or stolen.

Review

Most of all I liked the fact that the team quickly solved all difficulties, offered us many solutions in various situations, shared expertise. And of course the quality of the code!
Kseniya Prilutskaya
Head of Mobile App Development, Rich Peach Media

Results

On the basis of Pocket Safe, in 3 months we created an MVP with advanced data storage capabilities.
Our team built a powerful encrypted vault with complex inner logic. Wrapped in a minimalistic design, Truster makes a great one-size-fits-all data security solution for everyday use.
Manual testing was performed to fix the bugs and make sure the app is market-ready.

Let's develop your project

If you'd like to get in touch with us you can email us at info@rocketech.it, call us on +65 3159 3765, send us a message via our online form, or get answers in real time by simple briefing @RocketechHelloBot.