Consider in-app authentication requirements

ccjernigan commented 2 years ago

Is your feature request related to a problem? Please describe.

This is a followup feature for Electric-Coin-Company/zashi-android#13. Currently, the app's encrypted storage is locked with OS-wide authentication. Some users might prefer an additional biometric or pin prompt when opening the app.

There are different options we can consider, ranging from:

Requiring a recent authentication (e.g. within the last 5 minutes)
Requiring an unlock for each time the user cold-starts the app (effectively for each time we access the encrypted credentials)
Require authorization for dangerous operations only (e.g. spending or displaying the seed phrase)

Describe the solution you'd like

Depending on the UX design, this could be enabled for all users or put behind a preference so that the additional unlock is optional.

Regardless, the implementation would leverage the Android Keystore APIs.

https://developer.android.com/training/articles/keystore#UserAuthentication

true-jared commented 7 months ago

More Context and Validation from the Beta Testing Group on Discord:

daira commented 4 months ago

Released on iOS and Android.

Electric-Coin-Company / zashi

Consider in-app authentication requirements #7

Is your feature request related to a problem? Please describe.

Describe the solution you'd like