All notable changes to DayVault (Memory Palace) will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
-
PIN Authentication System with PBKDF2-like key derivation
- 4-6 digit PIN support
- 100,000 iteration key derivation for brute-force resistance
- Secure storage in platform keystore/keychain
lib/services/security_service.dart
-
Rate Limiting & Lockout
- Maximum 5 PIN attempts before lockout
- 30-second cooldown period
- Visual countdown display during lockout
- Attempt counter reset on successful authentication
-
Field-Level Encryption
- XOR cipher with 256-bit derived keys
- Journal entry content encrypted before storage
- Graceful fallback for pre-encryption data
lib/services/encryption_service.dart
-
Biometric Authentication
- Fingerprint support (Android)
- Face ID support (iOS)
- Fallback to PIN on failure
- Proper error handling
- Lock Screen completely rewritten with security focus
- Visual feedback for remaining attempts
- Shake animation on incorrect PIN
- Loading state during initialization
- Security status indicator
-
Auto-Save Functionality
- 3-second delayed auto-save for drafts
- Draft recovery on app restart
- Visual save status indicator (spinner/edit icon)
- Automatic draft cleanup after successful save
lib/screens/entry_editor.dart
-
Backup & Export System
- Encrypted JSON export (
.encryptedformat) - Unencrypted export option (
.jsonformat) - Share to cloud storage (Drive, iCloud, Dropbox)
- Backup management UI (view, delete backups)
- Import functionality with validation
lib/services/backup_service.dart
- Encrypted JSON export (
-
Draft Management
- Secure draft storage using flutter_secure_storage
- Automatic draft loading for incomplete entries
- Draft discard option in recovery snackbar
- Storage Service extended with draft methods
saveDraft(),getDraft(),deleteDraft()- Separate storage for drafts vs persisted data
-
Real Image Picker
- Camera integration for photos
- Gallery selection with image picker
- Local storage in app documents directory
- Image compression (85% quality, 1920x1080 max)
- Multiple image support per entry
- Image preview with delete option
-
Entry Editor Improvements
- Auto-save status indicator
- Unsaved changes warning
- Better error handling
- Loading state during save
- Entry Editor migrated to ConsumerStatefulWidget
- Proper Riverpod integration
- Better state management
- Improved lifecycle handling
-
Android Permissions (
AndroidManifest.xml)- Camera access
- Photo library access (legacy + modern)
- Biometric authentication
- File access for backups
- Keystore feature access
-
iOS Permissions (
Info.plist)- NSCameraUsageDescription
- NSPhotoLibraryUsageDescription
- NSPhotoLibraryAddUsageDescription
- NSFaceIDUsageDescription
- NSDocumentsFolderUsageDescription
- App Name updated to "DayVault" (from "memory_palace")
- Activity Configuration updated for lock screen support
showWhenLocked="true"turnScreenOn="true"
crypto: ^3.0.3 # Cryptographic hashing
image_picker: ^1.0.7 # Camera/gallery access
share_plus: ^7.2.2 # File sharing
uuid: ^4.3.3 # Unique ID generation
permission_handler: ^11.3.0 # Runtime permissionsSECURITY_FEATURES.md- Comprehensive security documentationCHANGELOG.md- This changelog- Extensive code comments in security services
- Architecture diagrams in documentation
- Fixed undefined
piin radial time picker - Fixed missing
computeimport for PBKDF2 - Fixed deprecated
encryptedSharedPreferencesparameter - Fixed unused imports and variables
- Fixed const constructor warnings
-
ObjectBox Service simplified (removed runtime encryption config)
- Note: ObjectBox encryption should be enabled at compile time
- Field-level encryption handles sensitive data
-
Security Service uses compute isolates
- Key derivation runs in background
- Prevents UI blocking during hashing
-
Entry Editor uses
dart:mathprefix- Avoids conflicts with Flutter classes
- ✅ All compilation errors fixed
- ✅ Build successful (APK generated)
⚠️ 7 info-level style suggestions remaining (non-blocking)
- Dual-mode journaling (Story/Event)
- Calendar view with entry indicators
- Identity/ranking system
- Glassmorphism UI design
- Material dark theme
- ObjectBox database integration
- Basic lock screen (insecure)
- ❌ PIN stored in plaintext
- ❌ No data encryption
- ❌ No backup system
- ❌ Fake image storage (picsum.photos)
- ❌ No auto-save
- ❌ Hardcoded metrics
- ObjectBox compile-time encryption
- Screenshot prevention (Android FLAG_SECURE)
- App switcher content hiding
- Rich text editor
- Tags system UI
- Mood analytics charts
- Search filters (mood, date, type)
- Cloud sync with end-to-end encryption
- Panic PIN (duress code)
- Auto-lock timer
- Export to PDF
- Home screen widget
- Voice input for entries
| Version | Release Date | Status |
|---|---|---|
| 1.1.0 | 2026-03-14 | ✅ Current |
| 1.0.0 | 2026-02-11 | ✅ Stable |
- None - All changes are backward compatible
- Existing entries will be encrypted on first save
- PIN will need to be set on first launch (if not already set)
- Old unencrypted entries remain readable
- New entries automatically encrypted
- Mixed encrypted/unencrypted data handled gracefully
- Run
flutter pub getto install new dependencies - Run
dart run build_runner buildto regenerate code - Set up PIN on first launch (if not configured)
- Grant permissions for camera/storage when prompted
For detailed security implementation details, see SECURITY_FEATURES.md