From d2d827a3976e725242fb2c001ee3fd01a2d80873 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= Date: Wed, 8 Jul 2015 13:43:29 +0200 Subject: [PATCH] Updated App Security (markdown) --- App-Security.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/App-Security.md b/App-Security.md index 4491bba..b571cb7 100644 --- a/App-Security.md +++ b/App-Security.md @@ -21,6 +21,13 @@ From ``./lint --show AllowBackup``: * The only argument, I can think of is protecting against root apps dumping the database and then gaining access to all public keys and thus a nice social graph, but hey, there are easier ways to get that information, maybe simply dumping the address database ;) * SQLCipher makes sense for apps such as TextSecure or Threema to protect the **decrypted** messages, but OpenKeychain does not store anything besides keys. +### Anyone can delete my secret keys! +Yes. + * Anyone can simply delete the app data from Android OS without a passphrase + * Asking for a passphrase before delete would prevent you from deleting keys where you forgot your passphrase + +### Why ask for passphrase when exporting? +It is not required cryptographically, but prevents simple stealing of your keys. ### So how to backup/synchronize keys? * Synchronize public keys with keyservers -> you achieve the same certifications on all modern OpenPGP clients
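Review bot: The new answer under "Why ask for passphrase when exporting?" does not name the threat it addresses: "prevents simple stealing of your keys" leaves open who is stopped and how, and it directly follows a section arguing that a passphrase prompt before delete buys nothing because anyone can wipe the app data from Android. Suggest stating the case the prompt is meant for (for example, someone with brief access to the unlocked device using the export function) and whether it is meant to cover anything beyond that, given that the root-apps bullet just above already concedes direct access to the database. In "Anyone can delete my secret keys!", the bare "Yes." would be more useful if it pointed to the "So how to backup/synchronize keys?" section that follows, since backup is the only mitigation the page offers for deletion. Minor wording: "before delete" reads better as "before deleting", and "keys where you forgot your passphrase" as "keys whose passphrase you forgot".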