search

UniversalDevicesInc / UD-Mobile-Android

Issue-only repository for tracking issues related to the UD Mobile Android App
0 stars 1 forks source link

Require admin access for user specified nodes or controls...looking good... #15

Open mcisar opened 3 years ago

mcisar commented 3 years ago

Everything seems to work as I would expect after install.

Only one minor thing that I'd put down as a "want". Would be nice to be prompted for a PIN/password of some sort when opening/using the app in remote mode (ie. not local network). Maybe it could be optional for those who do or don't want it.

When you may have things like zwave locks on your ISY that can unlock your home, a little extra level of protection to keep someone from being able to pop your doors if they find your phone.

JavierRefuerzo commented 3 years ago

Hi @mcisar ,

Thanks for your feedback.

We will keep this in mind as we continue to develop. Would adding a password be a required layer if the Android device is locked? We can look into higher security (banking level) by wiping saved credentials/tokens on app exist, although this would require a login every time the app is open, for every connection method (i.e. local, remote), and for every ISY linked to the app.

mcisar commented 3 years ago

I don’t think I’d go so far as to “banking level” security, but the option of an app-level PIN I think would be reasonable even given that the device itself might be locked.

My mindset is that I would even be happy if it only prompted for PIN on certain actions. That is to say I don’t particularly care if you can lock my door, or turn my lights on and off, but an unlock event needs a PIN. I think that would be far more complex of a scenario to code however.

Mike

From: Javi notifications@github.com Sent: December 13, 2020 10:22 PM To: UniversalDevicesInc/UD-Mobile-Android UD-Mobile-Android@noreply.github.com Cc: Mike Cisar mcisar@ctsgalberta.com; Mention mention@noreply.github.com Subject: Re: [UniversalDevicesInc/UD-Mobile-Android] Looking good... (#15)

Hi @mcisarhttps://github.com/mcisar ,

Thanks for your feedback.

We will keep this in mind as we continue to develop. Would adding a password be a required layer if the Android device is locked? We can look into higher security (banking level) by wiping saved credentials/tokens on app exist, although this would require a login every time the app is open, for every connection method (i.e. local, remote), and for every ISY linked to the app.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/UniversalDevicesInc/UD-Mobile-Android/issues/15#issuecomment-744174521, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AB2DJHM2WEAPKK7ANEFU5L3SUWOGJANCNFSM4UZDPPHA.

JavierRefuerzo commented 3 years ago

Hi @mcisar ,

I see, can you rename the issue to something along the lines of "Require admin access for user specified nodes or controls". We can add a flag for nodes or controls which would require a password to function. This will be a great addition, although it may be a while before I have time to implement.