← Back to Sortify
Security

Sortify Security Overview

Last updated: 6 June 2026 Published by: MokingBird Oy


Introduction

Security is a foundational design principle of Sortify, not an afterthought. Because Sortify is used to track real-world items in homes, labs, workshops, and businesses — spaces that are personal and sometimes sensitive — we built the app around a model that minimizes exposure of your data while enabling secure, seamless collaboration.

This document describes the security architecture, controls, and shared responsibility model that underpin Sortify. It is intended for users, workspace owners, IT administrators evaluating Sortify for team use, and app store reviewers.


1. Security Philosophy

Sortify is built on three principles:

1. Local-first. Your data stays on your device by default. There is no requirement to upload your workspace contents to MokingBird servers. The primary copy of your data is always the local device database.

2. User-controlled cloud and zero-knowledge transport. When sync is enabled, your workspace data is encrypted before it leaves your device. Personal and small-collaboration workspaces can store encrypted sync artifacts in a cloud account you own and control. Entitlement-enabled Sortify Cloud and Enterprise SyncNative workspaces use managed Firebase/Firestore transport for encrypted events and checkpoints. In both models, MokingBird cannot read plaintext workspace contents or plaintext workspace keys. Where recovery protection is enabled, MokingBird may store encrypted key envelopes in Firebase/Firestore, but not plaintext workspace contents or plaintext workspace keys.

3. Least practical privilege. Each component only has access to what it needs for the implemented workflow. Workspace members have role-appropriate access. The app requests minimum practical permissions from the operating system and cloud providers. Google Drive collaboration uses the narrower drive.file model with targeted authorization of known Sortify workspace files instead of requesting full Drive access.


2. Authentication and Identity

2.1 Identity Providers

Sortify uses Firebase Authentication (Google LLC) to manage user identity. Credentials are managed by an industry-standard identity platform, not stored in a custom database. Supported sign-in methods:

MethodNotes
Email + PasswordPassword hashed by Firebase; MokingBird never stores plaintext passwords
Email Link (Passwordless)One-time sign-in link sent to email; no password required
Google Sign-InOAuth 2.0; scopes: email and profile
Microsoft Sign-InMicrosoft identity OAuth; profile identity only for Sortify account access
Apple Sign-InOAuth via Apple; iOS only

Related account features include: password reset email, email verification, profile update support, and account deletion flow.

2.2 Firebase App Check

Sortify initializes Firebase App Check at startup to verify that requests originate from the genuine Sortify application.

PlatformDevelopmentProduction
AndroidDebug providerPlay Integrity
iOSDebug providerDeviceCheck

App Check helps prevent unauthorized clients from accessing Firebase backend services even if an API key were exposed.

2.3 Password Policy

When using email/password authentication:

2.4 Account Lockout

2.5 Session Management


3. App-Level Access Controls (PIN and Biometric Lock)

3.1 PIN Lock

3.2 Biometric Lock

3.3 Auto-Lock


4. Local Data Protection

4.1 SQLite Database

Sortify stores all operational workspace data (items, rooms, history, workspace metadata) in a local SQLite database stored in the app's private data directory:

4.2 Secure Storage

Sensitive values are stored using platform-native secure storage:

PlatformMechanism
AndroidAndroid Keystore / EncryptedSharedPreferences (FlutterSecureStorage)
iOSiOS Keychain Services

Secure storage is used for: workspace encryption keys, PIN hash data, session-related tokens, and other sensitive local security values.

4.3 Photo Storage

Item photos are stored in the app's private directory, not accessible to other apps. Provider photo sync for Google Drive, OneDrive, and Dropbox uses an optional separate encrypted photo_workspace.sortifypkg package so photo sync can be enabled per workspace and independently from the core workspace package. Images are normalized to JPEG, constrained to a maximum 1280 x 1280 bounding box without upscaling, compressed at quality 55, encrypted with the workspace key using AES-256-GCM, and protected by package checksums. Core join and recovery do not require the photo package.

Sortify Cloud and Enterprise use the same low-resolution compression boundary for optional managed photo sync. Each image is encrypted on-device with the workspace key before upload to a workspace-scoped Firebase Storage path. Firestore receives only ciphertext metadata. Storage and Firestore rules require active workspace membership for managed media; auditor and viewer roles cannot upload media. Photo-sync failure does not block core inventory event synchronization.


5. Workspace Encryption

5.1 Algorithm

Sortify uses AES-256-GCM for all workspace sync encryption.

ParameterValue
AlgorithmAES-256-GCM
Key length256 bits (32 bytes)
IV (Initialization Vector) length96 bits (12 bytes)
Authentication tag128 bits (GCM standard)
Key generationCryptographically secure random (Random.secure())

GCM mode provides both confidentiality (data cannot be read without the key) and authentication (tampered ciphertext is rejected).

5.2 Key Management

Sortify's recovery architecture adds an account-level envelope layer without giving MokingBird plaintext keys:

Firebase Authentication proves identity. It is not, by itself, the encryption secret. If a user forgets the applicable password and loses all unlocked devices, encrypted workspace recovery may be impossible because MokingBird cannot decrypt the envelopes for the user.

5.3 Sync File Format

When workspace data is prepared for sync:

  1. The workspace database is serialized
  2. A fresh IV is generated per encryption operation
  3. Data is encrypted with the workspace key using AES-256-GCM
  4. The resulting file is uploaded to the cloud storage folder

Format: [12-byte IV][AES-256-GCM ciphertext with 128-bit auth tag]

For managed Sortify Cloud and Enterprise SyncNative workspaces, the same zero-knowledge rule applies to realtime deltas: the device encrypts each change event or checkpoint before upload, and the server stores only encrypted payloads plus safe routing metadata.

5.4 Key Rotation

Sortify includes a key-rotation framework for workspace encryption keys. Rotation behavior, schedule, and rollout policy may vary by release and operational policy.

Key rotation should be used deliberately, such as after member removal, suspected compromise, ownership changes, or explicit security action. Aggressive time-based key rotation is avoided because collaborative encrypted workspaces require stable access to historical encrypted snapshots and per-member envelopes.


6. Sync Security

6.1 Cloud Authorization

Sortify accesses cloud storage using OAuth 2.0 obtained through the provider's standard consent flow. At the time of this document version, production sync support is Google Drive, OneDrive, and Dropbox. OAuth tokens are stored in device secure storage.

6.1.1 Google Drive

For Google Drive, Sortify uses the narrower Google Drive drive.file access model:

https://www.googleapis.com/auth/drive.file

Under this model, Sortify does not request broad access to a user's full Google Drive. Instead, Sortify stores exact Google Drive file references for the encrypted Sortify workspace package and asks the user to authorize those known Sortify files when needed.

For collaborative Google Drive workspaces, a secondary user may see a Finalize Join step after the primary user approves the workspace request. This step can open Google's file authorization interface so the user can grant Sortify access to the specific encrypted Sortify workspace package shared with them. The user is not being asked to browse their whole Drive; the goal is to authorize the known Sortify workspace file needed for sync.

The security boundary is implemented through provider permissions, app behavior, and stored workspace file references:

6.1.2 Microsoft OneDrive

When OneDrive is enabled, Sortify uses Microsoft identity and Microsoft Graph OAuth permissions to operate Sortify workspace folders and encrypted Sortify sync files.

The current implementation direction uses permissions for:

Security boundaries:

6.1.3 Dropbox

When Dropbox is enabled, Sortify uses Dropbox OAuth permissions to operate Sortify workspace folders, encrypted Sortify sync files, metadata, and shared-folder membership.

The current implementation direction uses permissions for:

Security boundaries:

6.1.4 Sortify Cloud and Enterprise SyncNative

Sortify Cloud and Enterprise SyncNative workspaces use MokingBird-managed infrastructure as a zero-knowledge encrypted transport, not as a plaintext inventory database.

Security boundaries:

Sortify Cloud serves eligible non-enterprise users who want managed collaboration without connecting every invited member to Google Drive, OneDrive, or Dropbox. Enterprise SyncNative serves eligible organizations that need encrypted event collaboration, organization-scoped administration, member controls, checkpoints, and operational support. Access is controlled by entitlement and deployment configuration.

6.2 Sync Behavior

Current sync security behavior includes:

6.3 What MokingBird Cannot Access

Because sync artifacts are encrypted with workspace keys that are stored locally or recoverable only through encrypted key envelopes:

6.4 Conflict Resolution

When the same workspace is modified on multiple devices:


7. Export Security

Sortify includes secure export functionality supporting:

Users should treat plain export files as sensitive data and store them appropriately.


8. Workspace Access Control

8.1 Role-Based Permissions

PermissionPrimary (Owner)Secondary (Member)Read-Only
View items
Add items
Edit items
Move items
Delete items
Invite members
Remove members
Manage workspace settings
Delete workspace

8.2 Invitation Control

Only the Primary User can generate workspace invitations. The Primary User can revoke access by removing a member at any time.

Sortify distinguishes two approval concepts:

For private cloud providers such as Google Drive, OneDrive, and Dropbox, provider access may be required even when a workspace is configured for no manual Sortify approval. Firebase membership alone does not make a private provider folder or file accessible. Sortify therefore tracks approval states separately so the app can show whether a user is waiting for Sortify workspace approval, cloud-provider access, or a provider-specific Finalize Join action. For Google Drive drive.file workspaces, this may include selecting or authorizing the encrypted Sortify workspace package that the owner shared.

8.3 Data Isolation

Workspace data is scoped by workspace_id throughout the data model. A user with access to one workspace cannot access data from another workspace they are not a member of. This is enforced at the database query level.


9. Audit Trail and History

Sortify maintains a complete audit trail:

History is stored locally and synced. Secondary users cannot delete workspace history.


10. Error, Analytics, and Monitoring

Sortify initializes:

Crash and analytics reports are designed not to include workspace inventory content or photos. Telemetry configuration may vary by release and environment.


11. Security Responsibilities

11.1 What MokingBird Is Responsible For

11.2 What Users Are Responsible For

User ResponsibilityWhy It Matters
Keeping device secureLocal database accessible on rooted/jailbroken devices
Protecting login credentialsCompromised credentials allow unauthorized account access
Securing linked cloud storage accountCloud account holds encrypted sync files; MFA is recommended
Managing workspace membership carefullyInvited members gain access to workspace data
Enabling PIN / biometric lockProtects app when device is unlocked
Reporting security issuesContact [email protected]

12. Known Security Boundaries

Users should be aware of the following:


13. Public Security Trust Themes

For website and app-store trust messaging, the strongest accurate claims about Sortify are:


14. Security Incident Response

If MokingBird becomes aware of a material security vulnerability or incident:

To report a security vulnerability: [email protected]

Please describe the issue, steps to reproduce, and potential impact. We will respond to responsible disclosures promptly.


15. Third-Party Security Dependencies

ComponentProviderPurpose
Firebase AuthenticationGoogle LLCUser identity and credential management
Firebase App CheckGoogle LLCApp integrity (Play Integrity / DeviceCheck)
Firebase CrashlyticsGoogle LLCCrash and error reporting
Firebase AnalyticsGoogle LLCAnonymous usage analytics
Firebase Performance MonitoringGoogle LLCPerformance diagnostics
Firebase FirestoreGoogle LLCMembership coordination, encrypted recovery envelopes, and zero-knowledge managed sync transport
Google Drive APIGoogle LLCCloud sync storage (user's own account)
Microsoft identity / Microsoft GraphMicrosoftMicrosoft sign-in and OneDrive sync where enabled
Dropbox APIDropboxDropbox sync storage where enabled
Android Keystore / iOS KeychainGoogle / AppleSecure key and credential storage
Deep link routingInternalInvite and collaboration link handling
Flutter encrypt packageOpen sourceAES-256-GCM implementation

Sortify is a registered brand of MokingBird Oy, Finland. Security document version 1.2 — June 2026