From a0980a9638594a477e7eb4756242e31023b240c8 Mon Sep 17 00:00:00 2001
From: Aman Raj Singh Mourya <amanrajmourya7@gmail.com>
Date: Tue, 9 Jul 2024 11:24:50 +0530
Subject: [PATCH 1/7] [mob][photos] Lockscreen Fixes

---
 mobile/lib/services/local_authentication_service.dart    | 9 ++++++++-
 .../ui/settings/lock_screen/lock_screen_password.dart    | 4 +++-
 mobile/lib/ui/settings/lock_screen/lock_screen_pin.dart  | 4 +++-
 mobile/lib/utils/auth_util.dart                          | 2 ++
 4 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/mobile/lib/services/local_authentication_service.dart b/mobile/lib/services/local_authentication_service.dart
index a989da5124..6167fca67f 100644
--- a/mobile/lib/services/local_authentication_service.dart
+++ b/mobile/lib/services/local_authentication_service.dart
@@ -21,7 +21,11 @@ class LocalAuthenticationService {
   ) async {
     if (await _isLocalAuthSupportedOnDevice()) {
       AppLock.of(context)!.setEnabled(false);
-      final result = await requestAuthentication(context, infoMessage);
+      final result = await requestAuthentication(
+        context,
+        infoMessage,
+        isAuthenticatingForInAppChange: true,
+      );
       AppLock.of(context)!.setEnabled(
         await Configuration.instance.shouldShowLockScreen(),
       );
@@ -40,6 +44,7 @@ class LocalAuthenticationService {
     String? savedPin,
     String? savedPassword, {
     bool isOnOpeningApp = false,
+    bool isAuthenticatingForInAppChange = false,
   }) async {
     if (savedPassword != null) {
       final result = await Navigator.of(context).push(
@@ -47,6 +52,7 @@ class LocalAuthenticationService {
           builder: (BuildContext context) {
             return LockScreenPassword(
               isAuthenticating: true,
+              isAuthenticatingForInAppChange: isAuthenticatingForInAppChange,
               isOnOpeningApp: isOnOpeningApp,
               authPass: savedPassword,
             );
@@ -63,6 +69,7 @@ class LocalAuthenticationService {
           builder: (BuildContext context) {
             return LockScreenPin(
               isAuthenticating: true,
+              isAuthenticatingForInAppChange: isAuthenticatingForInAppChange,
               isOnOpeningApp: isOnOpeningApp,
               authPin: savedPin,
             );
diff --git a/mobile/lib/ui/settings/lock_screen/lock_screen_password.dart b/mobile/lib/ui/settings/lock_screen/lock_screen_password.dart
index 24d0f7575a..4cf7f965e0 100644
--- a/mobile/lib/ui/settings/lock_screen/lock_screen_password.dart
+++ b/mobile/lib/ui/settings/lock_screen/lock_screen_password.dart
@@ -18,12 +18,14 @@ class LockScreenPassword extends StatefulWidget {
     super.key,
     this.isAuthenticating = false,
     this.isOnOpeningApp = false,
+    this.isAuthenticatingForInAppChange = false,
     this.authPass,
   });
 
   //Is false when setting a new password
   final bool isAuthenticating;
   final bool isOnOpeningApp;
+  final bool isAuthenticatingForInAppChange;
   final String? authPass;
   @override
   State<LockScreenPassword> createState() => _LockScreenPasswordState();
@@ -201,7 +203,7 @@ class _LockScreenPasswordState extends State<LockScreenPassword> {
     if (widget.authPass == base64Encode(hash)) {
       await _lockscreenSetting.setInvalidAttemptCount(0);
 
-      widget.isOnOpeningApp
+      widget.isOnOpeningApp || widget.isAuthenticatingForInAppChange
           ? Navigator.of(context).pop(true)
           : Navigator.of(context).pushReplacement(
               MaterialPageRoute(
diff --git a/mobile/lib/ui/settings/lock_screen/lock_screen_pin.dart b/mobile/lib/ui/settings/lock_screen/lock_screen_pin.dart
index 622078706f..bc0eb91cde 100644
--- a/mobile/lib/ui/settings/lock_screen/lock_screen_pin.dart
+++ b/mobile/lib/ui/settings/lock_screen/lock_screen_pin.dart
@@ -20,12 +20,14 @@ class LockScreenPin extends StatefulWidget {
     super.key,
     this.isAuthenticating = false,
     this.isOnOpeningApp = false,
+    this.isAuthenticatingForInAppChange = false,
     this.authPin,
   });
 
   //Is false when setting a new password
   final bool isAuthenticating;
   final bool isOnOpeningApp;
+  final bool isAuthenticatingForInAppChange;
   final String? authPin;
   @override
   State<LockScreenPin> createState() => _LockScreenPinState();
@@ -62,7 +64,7 @@ class _LockScreenPinState extends State<LockScreenPin> {
     if (widget.authPin == base64Encode(hash)) {
       invalidAttemptsCount = 0;
       await _lockscreenSetting.setInvalidAttemptCount(0);
-      widget.isOnOpeningApp
+      widget.isOnOpeningApp || widget.isAuthenticatingForInAppChange
           ? Navigator.of(context).pop(true)
           : Navigator.of(context).pushReplacement(
               MaterialPageRoute(
diff --git a/mobile/lib/utils/auth_util.dart b/mobile/lib/utils/auth_util.dart
index 9c4e161fbf..6db836594c 100644
--- a/mobile/lib/utils/auth_util.dart
+++ b/mobile/lib/utils/auth_util.dart
@@ -11,6 +11,7 @@ Future<bool> requestAuthentication(
   BuildContext context,
   String reason, {
   bool isOpeningApp = false,
+  bool isAuthenticatingForInAppChange = false,
 }) async {
   Logger("AuthUtil").info("Requesting authentication");
   await LocalAuthentication().stopAuthentication();
@@ -24,6 +25,7 @@ Future<bool> requestAuthentication(
       savedPin,
       savedPassword,
       isOnOpeningApp: isOpeningApp,
+      isAuthenticatingForInAppChange: isAuthenticatingForInAppChange,
     );
   } else {
     return await LocalAuthentication().authenticate(

From 8117a2929cd5149899f68cc21548eaf05c8e9549 Mon Sep 17 00:00:00 2001
From: Aman Raj Singh Mourya <amanrajmourya7@gmail.com>
Date: Wed, 10 Jul 2024 00:13:10 +0530
Subject: [PATCH 2/7] [mob][photos] Used better names

---
 .../local_authentication_service.dart         | 10 +++----
 .../lock_screen/lock_screen_password.dart     | 27 ++++++++++++-------
 .../settings/lock_screen/lock_screen_pin.dart | 27 ++++++++++++-------
 mobile/lib/utils/auth_util.dart               |  2 +-
 4 files changed, 42 insertions(+), 24 deletions(-)

diff --git a/mobile/lib/services/local_authentication_service.dart b/mobile/lib/services/local_authentication_service.dart
index 6167fca67f..fecca7ac70 100644
--- a/mobile/lib/services/local_authentication_service.dart
+++ b/mobile/lib/services/local_authentication_service.dart
@@ -43,7 +43,7 @@ class LocalAuthenticationService {
     BuildContext context,
     String? savedPin,
     String? savedPassword, {
-    bool isOnOpeningApp = false,
+    bool isAuthenticatingOnAppLaunch = false,
     bool isAuthenticatingForInAppChange = false,
   }) async {
     if (savedPassword != null) {
@@ -51,9 +51,9 @@ class LocalAuthenticationService {
         MaterialPageRoute(
           builder: (BuildContext context) {
             return LockScreenPassword(
-              isAuthenticating: true,
+              isChangingLockScreenSettings: true,
               isAuthenticatingForInAppChange: isAuthenticatingForInAppChange,
-              isOnOpeningApp: isOnOpeningApp,
+              isAuthenticatingOnAppLaunch: isAuthenticatingOnAppLaunch,
               authPass: savedPassword,
             );
           },
@@ -68,9 +68,9 @@ class LocalAuthenticationService {
         MaterialPageRoute(
           builder: (BuildContext context) {
             return LockScreenPin(
-              isAuthenticating: true,
+              isChangingLockScreenSettings: true,
               isAuthenticatingForInAppChange: isAuthenticatingForInAppChange,
-              isOnOpeningApp: isOnOpeningApp,
+              isAuthenticatingOnAppLaunch: isAuthenticatingOnAppLaunch,
               authPin: savedPin,
             );
           },
diff --git a/mobile/lib/ui/settings/lock_screen/lock_screen_password.dart b/mobile/lib/ui/settings/lock_screen/lock_screen_password.dart
index 4cf7f965e0..066aeb713c 100644
--- a/mobile/lib/ui/settings/lock_screen/lock_screen_password.dart
+++ b/mobile/lib/ui/settings/lock_screen/lock_screen_password.dart
@@ -16,15 +16,23 @@ import "package:photos/utils/lock_screen_settings.dart";
 class LockScreenPassword extends StatefulWidget {
   const LockScreenPassword({
     super.key,
-    this.isAuthenticating = false,
-    this.isOnOpeningApp = false,
+    this.isChangingLockScreenSettings = false,
+    this.isAuthenticatingOnAppLaunch = false,
     this.isAuthenticatingForInAppChange = false,
     this.authPass,
   });
 
-  //Is false when setting a new password
-  final bool isAuthenticating;
-  final bool isOnOpeningApp;
+  /// [isChangingLockScreenSettings] Authentication required for changing lock screen settings.
+  /// Set to true when the app requires the user to authenticate before allowing
+  /// changes to the lock screen settings.
+  final bool isChangingLockScreenSettings;
+
+  /// [isAuthenticatingOnAppLaunch] Authentication required on app launch.
+  /// Set to true when the app requires the user to authenticate immediately upon opening.
+  final bool isAuthenticatingOnAppLaunch;
+
+  /// [isAuthenticatingForInAppChange] Authentication required for in-app changes (e.g., email, password).
+  /// Set to true when the app requires the to authenticate for sensitive actions like email, password changes.
   final bool isAuthenticatingForInAppChange;
   final String? authPass;
   @override
@@ -157,7 +165,7 @@ class _LockScreenPasswordState extends State<LockScreenPassword> {
                 ),
               ),
               Text(
-                widget.isAuthenticating
+                widget.isChangingLockScreenSettings
                     ? S.of(context).enterPassword
                     : S.of(context).setNewPassword,
                 textAlign: TextAlign.center,
@@ -203,7 +211,8 @@ class _LockScreenPasswordState extends State<LockScreenPassword> {
     if (widget.authPass == base64Encode(hash)) {
       await _lockscreenSetting.setInvalidAttemptCount(0);
 
-      widget.isOnOpeningApp || widget.isAuthenticatingForInAppChange
+      widget.isAuthenticatingOnAppLaunch ||
+              widget.isAuthenticatingForInAppChange
           ? Navigator.of(context).pop(true)
           : Navigator.of(context).pushReplacement(
               MaterialPageRoute(
@@ -212,7 +221,7 @@ class _LockScreenPasswordState extends State<LockScreenPassword> {
             );
       return true;
     } else {
-      if (widget.isOnOpeningApp) {
+      if (widget.isAuthenticatingOnAppLaunch) {
         invalidAttemptsCount++;
         if (invalidAttemptsCount > 4) {
           await _lockscreenSetting.setInvalidAttemptCount(invalidAttemptsCount);
@@ -226,7 +235,7 @@ class _LockScreenPasswordState extends State<LockScreenPassword> {
   }
 
   Future<void> _confirmPassword() async {
-    if (widget.isAuthenticating) {
+    if (widget.isChangingLockScreenSettings) {
       await _confirmPasswordAuth(_passwordController.text);
       return;
     } else {
diff --git a/mobile/lib/ui/settings/lock_screen/lock_screen_pin.dart b/mobile/lib/ui/settings/lock_screen/lock_screen_pin.dart
index bc0eb91cde..166f137ab9 100644
--- a/mobile/lib/ui/settings/lock_screen/lock_screen_pin.dart
+++ b/mobile/lib/ui/settings/lock_screen/lock_screen_pin.dart
@@ -18,15 +18,23 @@ import 'package:pinput/pinput.dart';
 class LockScreenPin extends StatefulWidget {
   const LockScreenPin({
     super.key,
-    this.isAuthenticating = false,
-    this.isOnOpeningApp = false,
+    this.isChangingLockScreenSettings = false,
+    this.isAuthenticatingOnAppLaunch = false,
     this.isAuthenticatingForInAppChange = false,
     this.authPin,
   });
 
-  //Is false when setting a new password
-  final bool isAuthenticating;
-  final bool isOnOpeningApp;
+  /// [isChangingLockScreenSettings] Authentication required for changing lock screen settings.
+  /// Set to true when the app requires the user to authenticate before allowing
+  /// changes to the lock screen settings.
+  final bool isChangingLockScreenSettings;
+
+  /// [isAuthenticatingOnAppLaunch] Authentication required on app launch.
+  /// Set to true when the app requires the user to authenticate immediately upon opening.
+  final bool isAuthenticatingOnAppLaunch;
+
+  /// [isAuthenticatingForInAppChange] Authentication required for in-app changes (e.g., email, password).
+  /// Set to true when the app requires the to authenticate for sensitive actions like email, password changes.
   final bool isAuthenticatingForInAppChange;
   final String? authPin;
   @override
@@ -64,7 +72,8 @@ class _LockScreenPinState extends State<LockScreenPin> {
     if (widget.authPin == base64Encode(hash)) {
       invalidAttemptsCount = 0;
       await _lockscreenSetting.setInvalidAttemptCount(0);
-      widget.isOnOpeningApp || widget.isAuthenticatingForInAppChange
+      widget.isAuthenticatingOnAppLaunch ||
+              widget.isAuthenticatingForInAppChange
           ? Navigator.of(context).pop(true)
           : Navigator.of(context).pushReplacement(
               MaterialPageRoute(
@@ -83,7 +92,7 @@ class _LockScreenPinState extends State<LockScreenPin> {
         isPinValid = false;
       });
 
-      if (widget.isOnOpeningApp) {
+      if (widget.isAuthenticatingOnAppLaunch) {
         invalidAttemptsCount++;
         if (invalidAttemptsCount > 4) {
           await _lockscreenSetting.setInvalidAttemptCount(invalidAttemptsCount);
@@ -95,7 +104,7 @@ class _LockScreenPinState extends State<LockScreenPin> {
   }
 
   Future<void> _confirmPin(String code) async {
-    if (widget.isAuthenticating) {
+    if (widget.isChangingLockScreenSettings) {
       await confirmPinAuth(code);
       return;
     } else {
@@ -222,7 +231,7 @@ class _LockScreenPinState extends State<LockScreenPin> {
             ),
           ),
           Text(
-            widget.isAuthenticating
+            widget.isChangingLockScreenSettings
                 ? S.of(context).enterPin
                 : S.of(context).setNewPin,
             style: textTheme.bodyBold,
diff --git a/mobile/lib/utils/auth_util.dart b/mobile/lib/utils/auth_util.dart
index 6db836594c..f25aff58b7 100644
--- a/mobile/lib/utils/auth_util.dart
+++ b/mobile/lib/utils/auth_util.dart
@@ -24,7 +24,7 @@ Future<bool> requestAuthentication(
       context,
       savedPin,
       savedPassword,
-      isOnOpeningApp: isOpeningApp,
+      isAuthenticatingOnAppLaunch: isOpeningApp,
       isAuthenticatingForInAppChange: isAuthenticatingForInAppChange,
     );
   } else {

From d7371392feaebee2319f93ff2c3e03f534c10d04 Mon Sep 17 00:00:00 2001
From: Manav Rathi <manav@mrmr.io>
Date: Wed, 10 Jul 2024 14:49:55 +0530
Subject: [PATCH 3/7] [docs] Improve send logs instructions

---
 .../photos/troubleshooting/sharing-logs.md    | 50 +++++++++----------
 1 file changed, 25 insertions(+), 25 deletions(-)

diff --git a/docs/docs/photos/troubleshooting/sharing-logs.md b/docs/docs/photos/troubleshooting/sharing-logs.md
index 3015a691f8..58902f2aab 100644
--- a/docs/docs/photos/troubleshooting/sharing-logs.md
+++ b/docs/docs/photos/troubleshooting/sharing-logs.md
@@ -5,41 +5,41 @@ description: How to report bugs and share the logs from your Ente Photos app
 
 # Sharing debug logs
 
-In some cases when you report a bug, our customer support might request you to
-share debug logs from your app to help our developers find the issue.
+In some cases when you report an issue, our customer support might request you
+to share debug logs from your app to help our developers find the issue.
 
 Note that the debug logs contain potentially sensitive information like the file
 names, so please feel free to not share them if you have any hesitation or want
 to keep these private. We will try to diagnose the issue even without the logs,
 the logs just make the process a bit faster and easier.
 
-### Mobile
+## Mobile
 
-To **_Report a bug_** on your mobile device, follow these steps:
+-   Open settings (tap on the three horizontal lines button).
+-   Tap on _Support_ from the settings.
+-   Select for the option to _Report a Bug_.
+-   Tap on _Report a bug_.
 
--   Tap on the three horizontal lines to access the settings.
--   Tap on **"Support"** from the settings.
--   Select for the option to **"Report a Bug"**.
--   Tap on **"Report a bug"** .
+## Desktop
 
-### Desktop
+-   Click on _Help_ menu at the top of your screen, and select the _View logs_
+    option.
+-   Open settings (click on the three horizontal lines button located at the top
+    left corner of the screen).
+-   Click on _Support_. This will open your email client where you can attach
+    the logs in the email and describe the issue.
 
-To **_Report a bug_** on the desktop app, follow these steps:
+## Web
 
--   Click on the three horizontal lines located in the top left corner of the
-    screen to access the settings.
--   Click on **"Debug logs"** from the settings.
--   Click on **Download logs**.
--   Then Click on **"Support"**.
--   Attach the downloaded logs in the email and describe the issue.
+-   Open settings (click on the three horizontal lines button located at the top
+    left corner of the screen).
+-   Click on _Debug Logs_ towards the bottom of settings.
+-   Click on _Download logs_
+-   Click on _Support_. This will open your email client where you can attach
+    the logs in the email and describe the issue.
 
-### Web
+## Send email manually
 
-To **_Report a bug_** on the web, follow these steps:
-
--   Click on the three horizontal lines located in the top left corner of the
-    screen to access the settings.
--   Click on **"Debug Logs"**
--   Click on **Download logs**
--   Click on **"Support"** from the settings.
--   Attach the downloaded logs in the email and describe the issue.
+If _Report a bug_ or _Support_ doesn't automatically open your email client, you
+can also directly send a mail to <a
+href="mailto:support@ente.io">support@ente.io</a>.

From d1968e46e560093beb3f96583b32de370bab4e91 Mon Sep 17 00:00:00 2001
From: vishnukvmd <vishnu@ente.io>
Date: Wed, 10 Jul 2024 15:25:54 +0530
Subject: [PATCH 4/7] Incorporate suggestions

---
 docs/docs/photos/faq/security-and-privacy.md | 117 ++++++++++---------
 1 file changed, 65 insertions(+), 52 deletions(-)

diff --git a/docs/docs/photos/faq/security-and-privacy.md b/docs/docs/photos/faq/security-and-privacy.md
index 9dadf8bdf1..3990e2b623 100644
--- a/docs/docs/photos/faq/security-and-privacy.md
+++ b/docs/docs/photos/faq/security-and-privacy.md
@@ -1,73 +1,77 @@
 ---
-title: Security and privacy FAQ
-description:
-    Frequently asked questions about security and privacy of Ente Photos
+title: Security and Privacy FAQ
+description: Comprehensive information about security and privacy measures in Ente Photos
 ---
 
-# Security and privacy
+# Security and Privacy FAQ
 
-## Can Ente see my photos and videos?
+Welcome to Ente Photos' Security and Privacy FAQ. This document provides
+detailed information about our security practices, privacy measures, and how we
+protect your data. We are committed to maintaining the highest standards of data
+protection and transparency.
 
-No.
+## Data Encryption and Storage
 
-Your files are encrypted with a key before they are uploaded to our servers.
+### Can Ente see my photos and videos?
+No. Your files are encrypted on your device before being uploaded to our
+servers. The encryption keys are derived from your password using advanced key
+derivation functions. Since only you know your password, only you can decrypt
+your files. For technical details, please see our [architecture
+document](https://ente.io/architecture).
 
-These keys can be accessed only with your password.
+### How is my data encrypted?
+We use the following encryption algorithms:
+- Encryption: `XChaCha20` and `XSalsa20`
+- Authentication: Poly1305 message authentication code (MAC)
+- Key derivation: Argon2id with high memory and computation parameters
 
-Since only you know your password, only you can decrypt your files.
+These algorithms are implemented using
+[libsodium](https://libsodium.gitbook.io/doc/), a externally audited
+cryptographic library. Our [architecture document](https://ente.io/architecture)
+provides full technical specifications.
 
-To learn more about our encryption protocol, please read about our
-[architecture](https://ente.io/architecture).
+### Where is my data stored?
+Your encrypted data is stored redundantly across multiple providers in the EU:
+- Amsterdam, Netherlands
+- Paris, France
+- Frankfurt, Germany
 
-## How is my data encrypted?
+We use a combination of object storage and distributed databases to ensure high
+availability and durability. Our [reliability
+document](https://ente.io/reliability) provides in-depth information about our
+storage infrastructure and data replication strategies.
 
-We use [libsodium](https://libsodium.gitbook.io/doc/)'s implementations
-`XChaCha20` and `XSalsa20` to encrypt your data, along with `Poly1305` MAC for
-authentication.
+### How does Ente's encryption compare to industry standards?
+Our encryption model goes beyond industry standards. While many services use
+server-side encryption, we implement end-to-end encryption. This means that even
+in the unlikely event of a server breach, your data remains protected.
 
-Please refer to the document on our [architecture](https://ente.io/architecture)
-for more details.
+## Account Security
 
-## Where is my data stored?
+### What happens if I forget my password?
+You can reset your password using your recovery key. This key is a randomly
+generated string provided to you during account creation. Store it securely, as
+it's your lifeline if you forget your password. If you lose both your password
+and recovery key, we cannot recover your account or data due to our
+zero-knowledge architecture.
 
-Your data is replicated to multiple providers in different countries in the EU.
-
-Currently we have datacenters in the following locations:
-
--   Amsterdam, Netherlands
--   Paris, France
--   Frankfurt, Germany
-
-Much more details about our replication and reliability are documented
-[here](https://ente.io/reliability).
-
-## What happens if I forget my password?
-
-You can reset your password with your recovery key.
-
-If you lose both your password and your recovery key, you will not be able to
-decrypt your data.
-
-## Can I change my password?
-
-Yes.
-
-You can change your password from any of our apps.
-
-Thanks to our [architecture](https://ente.io/architecture), you can do so
-without having to re-encrypt any of your files.
+### Can I change my password?
+Yes, you can change your password at any time from our apps. Our architecture
+allows password changes without re-encrypting your entire library.
 
 The privacy of your account is a function of the strength of your password,
 please choose a strong one.
 
-## Do you support 2FA?
+### Do you support two-factor authentication (2FA)?
+Yes, we recommend enabling 2FA for an additional layer of security. We support:
+- Time-based One-Time Passwords (TOTP)
+- WebAuthn/FIDO2 for hardware security keys
 
-Yes.
+You can set up 2FA in the settings of our mobile or desktop apps.
 
-You can setup two-factor authentication from the settings screen of the mobile
-app or from the side bar of our desktop app.
+## Sharing and Collaboration
 
-## How does sharing work?
+### How does sharing work?
 
 The information required to decrypt an album is encrypted with the recipient's
 public key such that only they can decrypt them.
@@ -81,22 +85,31 @@ and is never sent to our servers.
 Please note that only users on the paid plan are allowed to share albums. The
 receiver just needs a free Ente account.
 
-## Has the Ente Photos app been audited by a credible source?
+## Security Audits
 
+## Has the Ente Photos app been audited by a credible source?
 Yes, Ente Photos has undergone a thorough security audit conducted by Cure53, in
 collaboration with Symbolic Software. Cure53 is a prominent German cybersecurity
 firm, while Symbolic Software specializes in applied cryptography. Please find
 the full report here: https://ente.io/blog/cryptography-audit/
 
-## How can I delete my account?
+## Account Management
+
+### How can I delete my account?
 
 You can delete your account at any time by using the "Delete account" option in
 the settings. For security reasons, we request you to delete your account on
 your own instead of contacting support to ask them to delete your account.
 
-Note that both Ente photos and Ente auth data will be deleted when you delete
+Note that both Ente Photos and Ente Auth data will be deleted when you delete
 your account (irrespective of which app you delete it from) since both photos
 and auth use the same underlying account.
 
 To know details of how your data is deleted, including when you delete your
 account, please see https://ente.io/blog/how-ente-deletes-data/.
+
+## Additional Support
+
+For any security or privacy questions not covered here, please contact our team
+at security@ente.io. We're committed to addressing your concerns and
+continuously improving our security measures.

From b402c6ae32aa74bde899bb28a8432ca0425242d2 Mon Sep 17 00:00:00 2001
From: Victor Muthiani <121645908+Vantesh@users.noreply.github.com>
Date: Thu, 11 Jul 2024 10:13:59 +0300
Subject: [PATCH 5/7] [Auth] Add 2 new icons and optimize 2 icons (#2411)

## Description

New icons:
- Deriv
- Airtm

Optimized icons
- Yahoo
- Bitget
---
 .../custom-icons/_data/custom-icons.json      |  7 +++++++
 auth/assets/custom-icons/icons/airtm.svg      |  1 +
 auth/assets/custom-icons/icons/bitget.svg     | 19 +------------------
 auth/assets/custom-icons/icons/deriv.svg      |  1 +
 auth/assets/custom-icons/icons/yahoo.svg      |  2 +-
 5 files changed, 11 insertions(+), 19 deletions(-)
 create mode 100644 auth/assets/custom-icons/icons/airtm.svg
 create mode 100644 auth/assets/custom-icons/icons/deriv.svg

diff --git a/auth/assets/custom-icons/_data/custom-icons.json b/auth/assets/custom-icons/_data/custom-icons.json
index 171ef0dd72..a6019b5a6e 100644
--- a/auth/assets/custom-icons/_data/custom-icons.json
+++ b/auth/assets/custom-icons/_data/custom-icons.json
@@ -14,6 +14,10 @@
     {
       "title": "Airtable"
     },
+    {
+      "title": "airtm"
+      "hex": "000000"
+    },
     {
       "title": "Anycoin Direct",
       "slug": "anycoindirect"
@@ -115,6 +119,9 @@
     },
     {
       "title": "DEGIRO"
+    },
+     {
+      "title": "deriv"
     },
     {
       "title": "DirectAdmin"
diff --git a/auth/assets/custom-icons/icons/airtm.svg b/auth/assets/custom-icons/icons/airtm.svg
new file mode 100644
index 0000000000..bfef999bac
--- /dev/null
+++ b/auth/assets/custom-icons/icons/airtm.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="-738.2 149.1 435.4 102.8" xml:space="preserve"><path d="M-612.2 149.1h-18.4v99.6h18.4zm-104.1 79 25.4-55 14 30.2zm79.3 20.7-17.9-38.7 17.4-11-8.9-15-15.9 10-17.4-37.6c-1.1-2.3-2.7-4.2-4.7-5.5s-4.4-2-6.7-1.9c-2.4.1-4.7.9-6.6 2.3s-3.4 3.3-4.3 5.5l-34.9 75.5-.1.2c-2.3 5.7-.8 12.2 3.8 16.2 4.5 3.9 10.8 4.2 15.6.9l48.2-30.3 13.7 29.5zm54.3-53.1h27.3c14.1 0 18.8-7.7 18.8-16.4s-4.7-15.9-18.7-15.9h-27.4zm30.9-46.6c26.2 0 34.6 14.6 34.6 30 0 11.6-5.8 23.7-21.5 27.9l24.7 41.7h-20.8l-23-39.1h-24.9v39.1H-601v-99.6zm40.1 15.4h35v84.2h18.4v-84.2h35v-15.4h-88.4zm123.9-15.4H-415v99.6h16.6v-72.1c0-4.5-.3-8.6-.7-12.1h.5c.5 2.7 1.9 7.9 3.2 11.6l27.3 72.5h17.3l27.3-72.5c1.5-3.8 3.1-9.4 3.5-11.6h.5c-.4 3.6-.7 8-.7 12.1v72.1h17.2v-99.6h-27.4l-25.8 69.5c-1.5 4.2-2.3 6.7-2.8 10.1h-.3c-.5-3-1.2-5.2-2.3-8.7-.1-.4-.3-.9-.4-1.4z" style="fill:#050505"/></svg>
diff --git a/auth/assets/custom-icons/icons/bitget.svg b/auth/assets/custom-icons/icons/bitget.svg
index 19b60c978a..845282f0e2 100644
--- a/auth/assets/custom-icons/icons/bitget.svg
+++ b/auth/assets/custom-icons/icons/bitget.svg
@@ -1,18 +1 @@
-<svg width="512" height="155" viewBox="0 0 512 155" fill="none" xmlns="http://www.w3.org/2000/svg">
-<g clip-path="url(#clip0_3037_70295)">
-<path d="M200.682 74.9284C204.533 72.7411 207.619 70.0177 209.865 66.8064C212.425 63.1502 213.725 58.974 213.725 54.4011C213.725 45.8396 210.524 39.1571 204.217 34.5359C197.985 29.9683 189.41 27.655 178.723 27.655H140.078V126.826H180.267C191.522 126.826 200.534 124.209 207.05 119.044C213.618 113.836 216.952 106.542 216.952 97.3615C216.952 91.7726 215.384 86.9638 212.296 83.0717C209.525 79.5924 205.624 76.8556 200.684 74.9284H200.682ZM160.991 45.5286H177.042C182.076 45.5286 185.877 46.5043 188.346 48.4236C190.785 50.3187 191.97 52.8089 191.97 56.0335C191.97 59.2581 190.785 61.8743 188.346 63.7775C185.877 65.6967 182.076 66.6724 177.042 66.6724H160.991V45.5286ZM191.209 105.591C188.426 107.821 184.178 108.949 178.584 108.949H160.991V84.68H178.584C184.175 84.68 188.429 85.771 191.222 87.9127C193.991 90.0491 195.337 92.8689 195.337 96.5439C195.337 100.409 193.986 103.368 191.209 105.593V105.591Z" fill="#03AAC1"/>
-<path d="M245.205 52.6685H224.152V126.822H245.205V52.6685Z" fill="#03AAC1"/>
-<path d="M453.137 63.8202C449.805 59.8531 445.629 56.7437 440.724 54.5751C435.824 52.4093 430.313 51.3049 424.351 51.3049C417.044 51.3049 410.453 52.9642 404.754 56.2344C399.042 59.5153 394.509 64.0722 391.277 69.787C388.044 75.4965 386.406 82.1227 386.406 89.4753C386.406 96.8279 387.996 103.891 391.129 109.689C394.271 115.506 398.787 120.068 404.551 123.26C410.303 126.434 417.06 128.045 424.633 128.045C433.929 128.045 441.82 125.708 448.093 121.094C454.134 116.656 458.289 110.394 460.552 102.556H439.357C438.242 105.223 436.671 107.494 434.422 109.094C431.763 110.981 428.329 111.938 424.212 111.938C420.642 111.938 417.583 111.069 415.12 109.359C412.646 107.649 410.756 105.121 409.515 101.838C408.77 99.8864 408.242 97.6428 407.931 95.1472H460.922L461.026 94.4878C461.972 88.5076 461.734 82.841 460.308 77.6462C458.879 72.438 456.467 67.7873 453.137 63.8202ZM408.266 81.4177C408.59 79.9086 409.027 78.3378 409.582 76.9064C410.874 73.5799 412.739 71.02 415.13 69.3099C417.511 67.5997 420.473 66.7366 423.936 66.7366C428.276 66.7366 431.838 68.1438 434.524 70.9128C437.07 73.5477 438.515 77.1476 438.823 81.4177H408.268H408.266Z" fill="#03AAC1"/>
-<path d="M245.635 27.6521H223.703V45.5257H245.635V27.6521Z" fill="#03AAC1"/>
-<path d="M360.93 61.0807C358.44 58.0893 355.521 55.7706 352.229 54.1677C348.3 52.2672 343.702 51.3049 338.564 51.3049C332.273 51.3049 326.633 52.8569 321.808 55.9127C316.989 58.9658 313.166 63.2814 310.451 68.7309C307.746 74.1669 306.371 80.5492 306.371 87.7088C306.371 94.8684 307.816 100.875 310.668 106.349C313.525 111.841 317.487 116.216 322.441 119.358C327.405 122.507 333.066 124.105 339.269 124.105C343.952 124.105 348.23 123.091 351.977 121.089C354.944 119.505 357.429 117.409 359.389 114.849V122.923C359.389 127.927 358.073 131.768 355.486 134.328C352.891 136.888 348.946 138.18 343.756 138.18C339.285 138.18 335.768 137.167 333.307 135.164C331.294 133.527 329.536 131.377 329.126 126.825H308.829C309.017 133.194 310.888 137.486 313.528 141.246C316.49 145.46 320.656 148.755 325.92 151.03C331.134 153.279 337.183 154.421 343.898 154.421C355.17 154.421 364.144 151.588 370.564 146.007C377.024 140.394 380.299 132.535 380.299 122.652V52.6666H360.93V61.0807ZM357.223 97.5597C355.888 100.315 354.004 102.476 351.615 103.971C349.23 105.467 346.351 106.228 343.054 106.228C338.288 106.228 334.583 104.607 331.721 101.267C328.869 97.9457 327.424 93.3835 327.424 87.7062C327.424 82.0289 328.869 77.4666 331.721 74.1401C334.546 70.8458 338.36 69.1785 343.054 69.1785C347.747 69.1785 351.894 70.8699 354.81 74.2152C357.754 77.5873 359.247 82.1736 359.247 87.8375C359.247 91.5071 358.566 94.7746 357.223 97.557V97.5597Z" fill="#03AAC1"/>
-<path d="M512.002 70.4034V52.6692H496.806V27.6521H475.893V52.6692H462.914V70.4034H475.893V99.4333C475.893 115.573 479.072 127.434 498.889 127.067L511.329 126.823V110.195H505.156C496.348 110.195 496.839 105.06 496.839 95.5224L496.804 70.4034H511.999H512.002Z" fill="#03AAC1"/>
-<path d="M301.256 70.4034V52.6692H286.06V27.6521H265.147V52.6692H252.168V70.4034H265.147V99.4333C265.147 115.573 268.326 127.434 288.143 127.067L300.583 126.823V110.195H294.41C285.602 110.195 286.092 105.06 286.092 95.5224L286.058 70.4034H301.253H301.256Z" fill="#03AAC1"/>
-<path d="M52.4882 45.5261H84.0671L116.373 77.6251C118.474 79.7132 118.485 83.1094 116.394 85.2083L74.9642 126.847H42.4336L52.2684 117.286L88.3774 81.4046L52.7267 45.5234" fill="#03AAC1"/>
-<path d="M65.4673 81.325H33.8883L1.58286 49.226C-0.518654 47.1378 -0.529376 43.7416 1.56142 41.6428L42.9912 0.0012207H75.5218L65.6871 9.56257L29.578 45.4438L65.2287 81.325" fill="#03AAC1"/>
-</g>
-<defs>
-<clipPath id="clip0_3037_70295">
-<rect width="512" height="154.416" fill="white"/>
-</clipPath>
-</defs>
-</svg>
+<svg viewBox="0 0 40 40" fill="none" xmlns="http://www.w3.org/2000/svg"><rect width="40" height="40" rx="8.711" fill="#00f0ff"/><path d="M18.46 15.767h7.468l7.64 7.592c.498.493.5 1.297.006 1.793L23.775 35h-7.693l2.326-2.261 8.54-8.486-8.432-8.487" fill="#1b1b1b"/><path d="M21.53 24.234h-7.47l-7.64-7.592a1.267 1.267 0 0 1-.005-1.793L16.214 5h7.693l-2.326 2.261-8.54 8.486 8.432 8.487" fill="#1b1b1b"/></svg>
diff --git a/auth/assets/custom-icons/icons/deriv.svg b/auth/assets/custom-icons/icons/deriv.svg
new file mode 100644
index 0000000000..41581a265d
--- /dev/null
+++ b/auth/assets/custom-icons/icons/deriv.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 216.86 72"><path fill="#FF444F" d="m43.472 2.271-3.715 21.06H26.86c-12.03 0-23.498 9.744-25.623 21.77l-.9 5.118C-1.777 62.246 6.25 71.99 18.281 71.99h10.755c8.768 0 17.122-7.095 18.664-15.86L57.605 0zm-9.15 51.872c-.475 2.707-2.914 4.911-5.622 4.911h-6.534c-5.408 0-9.026-4.388-8.077-9.803l.564-3.192c.958-5.405 6.119-9.803 11.526-9.803h11.298zm108.463 17.845 8.462-47.986h13.385l-8.462 47.986zm1.448-47.433-2.016 11.419c-6.341-1.97-12.883-1.343-14.893-.942L120.806 72h-13.394l8.032-45.52c4.357-1.803 15.055-5.462 28.789-1.925m-54.27-1.232h-10.42c-10.152 0-19.83 8.221-21.619 18.37L55.819 53.62c-1.79 10.15 4.981 18.37 15.135 18.37h22.163l2.273-12.895H74.562c-3.38 0-5.644-2.737-5.041-6.127l.07-.405h33.58l1.918-10.87c1.789-10.149-4.982-18.37-15.135-18.37zm1.69 17.342-.079.692H71.606l.109-.613c.602-3.38 3.687-6.354 7.077-6.354h7.8c3.351 0 5.615 2.925 5.061 6.275m111.81-16.663h13.394c-4.563 12.126-15.019 32.755-25.149 47.986h-13.394c-4.65-14.496-7.653-34.695-8.225-47.986h13.395c.241 4.335 2.183 20.417 4.399 31.651 6.077-10.93 12.777-25.269 15.569-31.651z"/></svg>
diff --git a/auth/assets/custom-icons/icons/yahoo.svg b/auth/assets/custom-icons/icons/yahoo.svg
index 182be51925..38885c8bb1 100644
--- a/auth/assets/custom-icons/icons/yahoo.svg
+++ b/auth/assets/custom-icons/icons/yahoo.svg
@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" preserveAspectRatio="xMidYMid" viewBox="0 0 512 142.04"><path d="M0 34.607h30.475l17.69 45.324 17.95-45.324h29.7l-44.68 107.436H21.306l12.268-28.409zm126.676-1.808c-22.856 0-37.318 20.532-37.318 40.934 0 22.985 15.883 41.193 36.931 41.193 15.754 0 21.694-9.556 21.694-9.556v7.49h26.6V34.607h-26.6v7.102c-.13 0-6.715-8.91-21.307-8.91m5.682 25.18c10.589 0 16.012 8.394 16.012 15.883 0 8.135-5.81 16.142-16.012 16.142-8.393 0-16.012-6.844-16.012-15.754 0-9.04 6.07-16.27 16.012-16.27m51.265 54.88V0h27.763v41.967s6.585-9.168 20.402-9.168c16.916 0 26.86 12.655 26.86 30.604v49.457h-27.635V70.118c0-6.07-2.84-12.01-9.426-12.01-6.715 0-10.201 5.94-10.201 12.01v42.742zM306.038 32.8c-26.214 0-41.838 19.886-41.838 41.322 0 24.276 18.853 40.934 41.967 40.934 22.34 0 41.838-15.883 41.838-40.547 0-26.988-20.532-41.709-41.967-41.709m.258 25.31c9.297 0 15.625 7.747 15.625 15.882 0 6.973-5.94 15.625-15.625 15.625-8.91 0-15.495-7.102-15.495-15.754 0-8.135 5.423-15.754 15.495-15.754m87.938-25.31c-26.214 0-41.839 19.886-41.839 41.322 0 24.276 18.853 40.934 41.968 40.934 22.34 0 41.838-15.883 41.838-40.547 0-26.988-20.403-41.709-41.967-41.709m.258 25.31c9.297 0 15.625 7.747 15.625 15.882 0 6.973-5.94 15.625-15.625 15.625-8.91 0-15.496-7.102-15.496-15.754 0-8.135 5.553-15.754 15.496-15.754m63.66 19.498c10.202 0 18.466 8.264 18.466 18.466 0 10.2-8.264 18.465-18.465 18.465s-18.466-8.264-18.466-18.465 8.265-18.466 18.466-18.466m24.536-6.715H449.5L478.943 0H512z" fill="#5F01D1"></path></svg>
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1024 1024"><circle cx="512" cy="512" r="512" style="fill:#6001d2"/><path d="M256 390.61h101.45l59.06 151 59.83-151H575L426.38 748.15H327l40.66-94.74Zm332.7 143.54a61.36 61.36 0 1 0 61.37 61.35 61.36 61.36 0 0 0-61.37-61.35M768 275.85H657.83l-98.09 235.67h110.55Z" style="fill:#fff"/></svg>

From 5033ab2fede697c629d12ee5773a4fda77b20701 Mon Sep 17 00:00:00 2001
From: ashilkn <ashilkn99@gmail.com>
Date: Thu, 11 Jul 2024 16:01:11 +0530
Subject: [PATCH 6/7] [mob][photos] bump up to v0.9.7

---
 mobile/pubspec.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mobile/pubspec.yaml b/mobile/pubspec.yaml
index a0479b453d..8b2cbcfe43 100644
--- a/mobile/pubspec.yaml
+++ b/mobile/pubspec.yaml
@@ -12,7 +12,7 @@ description: ente photos application
 # Read more about iOS versioning at
 # https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/CoreFoundationKeys.html
 
-version: 0.9.6+906
+version: 0.9.7+907
 publish_to: none
 
 environment:

From 9fe894e36898c93432eac3bfcce0c08e6075b792 Mon Sep 17 00:00:00 2001
From: Neeraj Gupta <254676+ua741@users.noreply.github.com>
Date: Thu, 11 Jul 2024 18:32:46 +0530
Subject: [PATCH 7/7] [auth] Fix json

---
 .../custom-icons/_data/custom-icons.json      | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/auth/assets/custom-icons/_data/custom-icons.json b/auth/assets/custom-icons/_data/custom-icons.json
index a6019b5a6e..33162f80dc 100644
--- a/auth/assets/custom-icons/_data/custom-icons.json
+++ b/auth/assets/custom-icons/_data/custom-icons.json
@@ -1,9 +1,9 @@
 {
   "icons": [
-     { "title": "1xBet", 
-       "altNames": ["1x", "1x bet", "1x-bet"
-       ]
-     },
+    { "title": "1xBet",
+      "altNames": ["1x", "1x bet", "1x-bet"
+      ]
+    },
     {
       "title": "3Commas"
     },
@@ -15,7 +15,7 @@
       "title": "Airtable"
     },
     {
-      "title": "airtm"
+      "title": "airtm",
       "hex": "000000"
     },
     {
@@ -120,7 +120,7 @@
     {
       "title": "DEGIRO"
     },
-     {
+    {
       "title": "deriv"
     },
     {
@@ -341,8 +341,8 @@
     {
       "title": "Odido"
     },
-     { "title": "okx", 
-       "hex": "858585" },
+    { "title": "okx",
+      "hex": "858585" },
     {
       "title": "Parsec"
     },
@@ -560,8 +560,8 @@
       ],
       "slug": "Yandex"
     },
-     { "title": "yahoo" },
-    {
+    { "title": "yahoo" },
+
     {
       "title": "YNAB",
       "altNames": [