Security ideas / features

[esengulov]

• [ ] Disable transactions over xxx

  Or request passcode for anything over certain amount. This option may include “Require reinstall to remove restrictions”.

• [ ] Double auth for send

  Ask for pin on send. Require Face ID on send.



• [ ] Hide large balances

  Ability to hide certain coins (with large balance). unhide option would be available in settings



  • [x] Unlock pin

  Randomize the keypad each time the PIN needs to be entered.

• [ ] Alert on large balances

  

Recommend users to move part to a cold storage. Diversification of risk factors.

• [ ] Brute force measure

  Delete the wallet on x unsuccessful login attempts. At the moment we lock the screen.

• [ ] Screen overlay detected!

  

Blockchain.info has alert when there is some overlay on screen while using their app. It shows alert “Screen overlay detected! Should I exit or continue to use app”

• [ ] kill switch

  An option to add Kill Switch Pin that would erase all enabled wallets on the app on the kill pin entrance.

• [ ] additional pin locks

  An optional lock on the app and wallets for additional security

• [x] duress PIN

  discussions in this thread, https://github.com/horizontalsystems/unstoppable-wallet-android/issues/5526

[Giszmo]

This should be split into independent issues as these are independent ideas. If an idea is not worth its own issue, it's probably not worth implementing neither.

[horsys]

This should be split into independent issues as these are independent ideas. If an idea is not worth its own issue, it's probably not worth implementing neither.

Thanks, it's indeed a basket of issues) At one point the issue count became really large so we cleaned it up back then by moving all security issues into one ticket for tracking. We will clean it up in the near future, thanks for heads up ;)

[Giszmo]

Ok, if that is the idea, use a checklist:

• [x] View only mode - to monitor portfolio. Only MPK would be required for the app to work in this mode. View only mode.
• [ ] Disable transactions over 1000 or some other desired amount. This option may include “Require reinstall to remove restrictions”.
• [ ] Passcode request for anything over certain amount.
• [ ] blur mode that would hide all sensitive data with blurred overlay. Can be removed on demand from settings. Blures balance on home tab. Everything else stays same. Deactivation of blur takes 5 hours.


• [ ] Require pin on send.
• [ ] Require Face ID on send.



...

[esengulov]

Ok, if that is the idea, use a checklist:

• [ ] View only mode - to monitor portfolio. Only MPK would be required for the app to work in this mode. View only mode.
• [ ] Disable transactions over 1000 or some other desired amount. This option may include “Require reinstall to remove restrictions”.
• [ ] Passcode request for anything over certain amount.
• [ ] blur mode that would hide all sensitive data with blurred overlay. Can be removed on demand from settings. Blures balance on home tab. Everything else stays same. Deactivation of blur takes 5 hours.
• [ ] Require pin on send.
• [ ] Require Face ID on send.

...

thanks! cleaned it up a bit )

[trymeouteh]

Would like a optional lock on the app and wallets for additional security

[esengulov]

Would like a optional lock on the app and wallets for additional security

thanks, added it to the above list of improvements

[serrq]

"Double auth for send" feature: I don't want face id or fingerprint id.

In my case I think is better pin A or pin B.

Normal pin (A) is for low value transactions. After a certain amount it needs for "send" a pin too.