[FEATURE] clear pgp passphrase cache on screen-off

[agrahn]

Is your feature request related to a problem? Please describe.

Currently, the only way to clear the cached pgp passphrase seems to be by disabling passphrase caching in the app settings. The cache even survives a forced stop of the APS app in the phone settings. Thus, once the passphrase has been entered and cached, passwords can be unlocked and retrieved from the store simply by entering the screen-lock pin at any later time. This is problematic in terms of security in my opinion.

Describe the solution you'd like

It would be desirable that APS forgets the cached passphrase as soon as the screen is switched off, or at least after a configurable period of time, and, of course, when the app terminates. Screen-off is the default option in OpenKeychain and it seems most sensible to me.

Describe alternatives you've considered

No alternative considered.

Additional context

Using latest snapshot build of the development branch.

[agrahn]

Thank you very much! I tested the snapshot build and the passphrase is indeed deleted when the screen is turned off manually (by pressing the device's power button). However, if I leave the device unattended and the screen turns off on its own, the passphrase is not deleted. Do you think there is anything that can be done about this?

[msfjarvis]

Thank you very much! I tested the snapshot build and the passphrase is indeed deleted when the screen is turned off manually (by pressing the device's power button). However, if I leave the device unattended and the screen turns off on its own, the passphrase is not deleted. Do you think there is anything that can be done about this?

That's odd, the documentation clearly says it is triggered without requiring an explicit user action. If you can share your device model and Android version I can try to look into it more.

[agrahn]

... However, if I leave the device unattended and the screen turns off on its own, the passphrase is not deleted.

That's odd, the documentation clearly says it is triggered without requiring an explicit user action. If you can share your device model and Android version I can try to look into it more.

Thank you for your prompt reply! My "About phone" says "moto g82 5G (XT2225-1)" for the model and "TISUS33.1-124-6-8-1" for the build number. It is a Motorola phone with Android 13.

(Note: I fixed a typo in the model name.)

[agrahn]

An observation I made on my phone which might be relevant: When the screen auto-switches off, the app is minimised/sent to the background. On the next screen unlock, the app needs to be brought back to the foreground first in order to be interacted with. This does not happen with other apps, including the APS stable release version.

(Could this be the reason why ACTION_SCREEN_OFF is not received and handled?)

[msfjarvis]

It's possible the app actually just crashes due to an unhandled exception. If you can capture a log and attach it here it'll be easier to debug it.

[agrahn]

It's possible the app actually just crashes due to an unhandled exception. If you can capture a log and attach it here it'll be easier to debug it.

You were right, the app indeed crashes on screen auto-switch-off. I attach log.txt. (I had to remove the -doption from the adb logcat command in order to observe the app while it is crashing.)

[msfjarvis]

It's possible the app actually just crashes due to an unhandled exception. If you can capture a log and attach it here it'll be easier to debug it.

You were right, the app indeed crashes on screen auto-switch-off. I attach log.txt. (I had to remove the -doption from the adb logcat command in order to observe the app while it is crashing.)

Great, thanks for the log. I have an idea for what to do about this.

[msfjarvis]

Hm this didn't end up being as straightforward as I expected, will have to circle back to this in a few hours.

The passphrase cache takes care to always open a fresh instance of EncryptedSharedPreferences but seems like naively deleting the backing file still leaves data in memory that doesn't get cleared until the app is fully closed. I don't quite see why that's the case, but it needs more investigation than I can do right this moment.