Open pmaier1 opened 2 months ago
On Android we're going to do the following: we have an internal 'app version migration' (not related to the actual version of the app, like we do internal 'state' migrations v1, v2, v3, etc., but they're not tied to the app version 0.4.X
in any way), so what we can do is add a new migration that checks for any existing sessions and allows them to skip verification.
This migration will run only once, so any new logins won't trigger it and these new sessions will need to be verified.
We're changing the paradigms for our apps such that devices always have to be verified. Long story here.
As we do not yet have a way to reset your crypto keys on EX, users might get stuck and the app becomes unusable just after updating to it. For that reason, this ticket asks to change the enforcement in a way that it will only apply to new logins. Existing sessions can continue to use the app in an unverified state, for now (until we provide a way to reset keys).