v2.4.0
Cloud sync encryption
Cloud sync and remote backup files are now encrypted end-to-end before leaving your device. The server — including your WebDAV provider — never sees your data in plaintext.
- AES-256-GCM encryption with PBKDF2-SHA256 key derivation (310,000 iterations)
- Your passphrase never leaves your device and is never stored — only the derived key is cached
- Browser: derived key is cached in IndexedDB so you only need to enter your passphrase once per browser
- Android: derived key is stored in the Android Keystore (hardware-backed secure enclave)
- Encryption is opt-in — existing sync configurations continue to work without it
- Plaintext sync files from previous versions are automatically detected and read without any migration step
Privacy
- Removed Vercel Analytics and Speed Insights. No usage data is collected or transmitted.
Compatibility
- Koofr WebDAV support improved: directory creation now handles non-standard server responses correctly