by sunshine-o 607 days ago
This is actually a better outcome than finding out one day the app has a serious security problem.

While I like `pass` and that Android app looked really good, this is just not serious.

Because the fact that most people will end up trusting a random app as their password manager because it has 2k stars on GitHub is crazy.

If you want to use `pass` on Android you should tinker something with termux.

3 comments

I actually SSH into my desktop PC and use pass there to access my secrets.

Luckily, I only need to do this occasionally, so the inconvenience is bearable. Still waiting on the day where I randomly get logged out of an important app while not having internet access, or the power going out in my apartment right after I leave for two weeks (happened once, luckily didn't need my passwords then).

The point of `pass` is to offload the security aspect to gpg, so unless something goes wrong with that, I don't believe continued use, even if unmaintained, is very insecure.
The Android app will by necessity receive the decrypted passwords from GPG to display and copy them to the clipboard. It could do whatever else it wants with them.
I think termux has some limitations here (due to missing libraries), namely gpg decryption via hardware keys.