VasilisKos
commented
1 year ago There's no point in the security reasons arguement. Enabling KeepScreenOn doesn't deactivate the device's lock. I don't think it's necessary.
Closed Simplenuity closed 1 year ago
VasilisKos
commented
1 year ago There's no point in the security reasons arguement. Enabling KeepScreenOn doesn't deactivate the device's lock. I don't think it's necessary.
elastic-rock
commented
1 year ago @Simplenuity could you please explain the security risk, because I can't really understand it. Thank you.
Simplenuity
commented
1 year ago KeepScreenOn surely does not take away the possibility to lock the screen. But as long as KeepScreenOn is activated it prevents the screen to get locked - as intended.
There are two security risks scenarios:
1- I activate KeepScreenOn and I simply forget or I get interrupted without the possibility to lock the screen before putting down the device. So if someone else gets hold of the device, it's unlocked. That's the risk we take by using such an app. From a security point of view it's usually not acceptable. That's the reason company IT security/privacy policies require an automatic screen lock after a certain amount of time - and consider the deactivation of this functionality actually a breach!
2- I activate KeepScreenOn, do whatever I wanted to do on the device without having to touch the screen all the time. When I'm finished I lock the screen - but forget to deactivate KeepScreenOn. So next time I unlock the phone and might not be aware anymore that KeepScreenOn is still active! Either I could end up with scenario 1 (interruption) or I put down the device with the expectation of it getting locked after let's say 1min. Again, I end up with an unlocked device possibly exposed to someone else.
To reduce the security risk that comes with scenario 1 (it's obvious, completely avoiding it would mean not using the app) might be more difficult to implement, for example by using device sensors.
The aim of my suggestion is to reduce the risk by avoiding scenario 2. This would be achieved if a manual screen lock also deactivated KeepScreenOn.
Hope this explains it better :)
Simplenuity
commented
1 year ago I just discovered this app on f-droid: KeepOn Have a look at screenshot three. It has exactly what I'm suggesting, the option to "Automatically restore value to 1 minute after you lock the device"
VasilisKos
commented
1 year ago I just discovered this app on f-droid: KeepOn Have a look at screenshot three. It has exactly what I'm suggesting, the option to "Automatically restore value to 1 minute after you lock the device"
This feature would require a background service, like KeepOn does. KeepScreenOn doesn't use a background service. It just changes the timeout setting. That's the feature that makes it unique for me. If a background service is implemented, it'll be over for me. I won't use it anymore. I'd suggest the dev to keep it as it is, without a background service. Nice and simple.
Simplenuity
commented
1 year ago @VasilisKos, thanks, I understand where you're coming from. Less permissions and less background activities are also one of the factors I consider when choosing an app. Security/privacy is another one. Unfortunately both factors don't go hand in hand at times...
Edit: Thinking about it further the background activity would only be happening while the app is actually used. Meaning it wouldn't be the 24/7 background activity we are usually referring to talking about background activity, would it?
elastic-rock
commented
1 year ago I have worked on the feature and unfortunately, it is not possible to do something when the screen is turned off without running a background service. However, one will still be able to use the app without running a background service if they choose to not use the feature. Before I release it, I will redesign the app UI and do further testing.
VasilisKos
commented
1 year ago I have worked on the feature and unfortunately, it is not possible to do something when the screen is turned off without running a background service. However, one will still be able to use the app without running a background service if they choose to not use the feature. Before I release it, I will redesign the app UI and do further testing.
Well, I'll probably stick with 1.6.0
elastic-rock
commented
1 year ago Well, I'll probably stick with 1.6.0
That is indeed your right but I'm curious. I understand that you don't want to have a background service running, but the default will still be without a background service (unless the user enables listening for screen off or low battery), so what's the reason for skipping versions? 🤔
VasilisKos
commented
1 year ago Well, I'll probably stick with 1.6.0
That is indeed your right but I'm curious. I understand that you don't want to have a background service running, but the default will still be without a background service (unless the user enables listening for screen off or low battery), so what's the reason for skipping versions? 🤔
What's the point of updating to a version with new features you'll never use? 😏 Unless there are some bug fixes, which I haven't encountered yet. This app is very simple, and fulfills a simple task. No need for further updates for me.
elastic-rock
commented
1 year ago Well, I'll probably stick with 1.6.0
That is indeed your right but I'm curious. I understand that you don't want to have a background service running, but the default will still be without a background service (unless the user enables listening for screen off or low battery), so what's the reason for skipping versions? 🤔
What's the point of updating to a version with new features you'll never use? 😏 Unless there are some bug fixes, which I haven't encountered yet. This app is very simple, and fulfills a simple task. No need for further updates for me.
Makes sense. 🙂 I never thought about that since I just auto update without thinking about it.
VasilisKos
commented
1 year ago Well, I'll probably stick with 1.6.0
That is indeed your right but I'm curious. I understand that you don't want to have a background service running, but the default will still be without a background service (unless the user enables listening for screen off or low battery), so what's the reason for skipping versions? 🤔
What's the point of updating to a version with new features you'll never use? 😏 Unless there are some bug fixes, which I haven't encountered yet. This app is very simple, and fulfills a simple task. No need for further updates for me.
Makes sense. 🙂 I never thought about that since I just auto update without thinking about it.
Yeah, that's what I usually do too! 😂
Simplenuity
commented
1 year ago Thanks for the update. A pity there needs to be a 24/7 background service running
Simplenuity
commented
1 year ago Thanks for adding these options. Great enhancement!
Great app, as simple and effective! Thank you.
Similar to #9 I'd like to suggest an enhancement, mainly for security reasons:
After the screen gets locked KeepScreenOn should by default get deactivated and the screen timeout value should revert back to the system setting value. Of course, in addition there could be an option to override this default behavior.
Thank you for your consideration