mrpdaemon / encdroid

Encdroid is an Android application for accessing EncFS volumes on cloud storage
GNU General Public License v3.0

Optional PIN code to lock the app #13

Open mrpdaemon opened 11 years ago

marfl commented 9 years ago

Hi,

I started to work on optional PINs per volume. This fits my own usage better, as I have one EncFS container with notes that is low-security and I use all the time (-> better no PIN) and one EncFS container that I access rarely and would love an extra layer of security for...

Do you like the idea? :)

Cheers, Martin

mrpdaemon commented 9 years ago

Martin, thanks for taking this up - appreciate the help :) Let me know if you have any questions etc. that can help you with the code etc.

Thinking about optional PIN code per-volume, it sounds interesting, but I am not sure how we would reconcile this with the current global setting of "remember passwords". Currently we have one setting that toggles between a) password always required for all volumes and b) passwords are saved upon first entry. Your proposal would require having per-volume settings (which doesn't exist in the UI yet) to toggle between 3 different possibilities 1) no PIN, password always required 2) no PIN, password saved upon first entry 3) PIN protected, password saved upon first entry.

Some issues:

For these reasons, I think an app-wide PIN code that is independent from the password caching setting is a better approach. In fact we can mandate the user to configure a PIN code if they want the app to save passwords.

marfl commented 9 years ago

Hi Mark,

sorry for the late reply (and for all future late replies, I'm juggling many things at once...).

I started this in a very lazy way. This would be version 0.1: if password caching is on and a password would be saved, the user is asked first if he wants to set an optional pin for that volume. Afterwards, the pin can only be changed or deleted by deleting the volume and adding it again or by entering a wrong pin three times (after which both pin and password are deleted by the app).

So this would take care of your first issue? Additionally we can add a few management entries to the per volume context menu, like change pin or set pin if none was set.

About the second issue: yes, I didn't think about this... Are volumes currently only locked when the app is closed?

Cheers, Martin
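Added example, not part of the thread and not code from encdroid or the fork: a sketch of the flow described in the comment above, where a PIN is set when a password is cached and three wrong PINs wipe both. The class name `VolumePinGate`, the PBKDF2 parameters, and storing the PIN as a salted hash are assumptions; the thread does not say how the PIN is stored.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/** Hypothetical per-volume PIN gate; illustration only. */
public class VolumePinGate {
    private static final int MAX_ATTEMPTS = 3;      // limit named in the comment above
    private static final int ITERATIONS = 100_000;  // assumed PBKDF2 cost
    private byte[] salt, pinHash;    // null when nothing is cached
    private char[] cachedPassword;   // the saved volume password
    private int failures;

    private static byte[] derive(char[] pin, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pin, salt, ITERATIONS, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally { spec.clearPassword(); }
    }

    /** Called when a password is about to be cached and the user opts into a PIN. */
    public void cache(char[] password, char[] pin) throws Exception {
        salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        pinHash = derive(pin, salt);
        cachedPassword = password.clone();
        failures = 0;
    }

    /** Returns the cached password, or null on a wrong PIN or after a wipe. */
    public char[] unlock(char[] pin) throws Exception {
        if (pinHash == null) return null;            // nothing cached, or already wiped
        if (MessageDigest.isEqual(derive(pin, salt), pinHash)) {  // constant-time compare
            failures = 0;
            return cachedPassword.clone();
        }
        if (++failures >= MAX_ATTEMPTS) wipe();      // third wrong PIN: drop PIN and password
        return null;
    }

    private void wipe() {
        Arrays.fill(cachedPassword, '\0');
        cachedPassword = null; pinHash = null; salt = null;
    }

    public static void main(String[] args) throws Exception {
        VolumePinGate gate = new VolumePinGate();
        gate.cache("volume-pass".toCharArray(), "4821".toCharArray()); // constructed values
        for (int i = 1; i <= 4; i++)  // three wrong PINs, then the right one after the wipe
            System.out.println(i + ": " + (gate.unlock((i < 4 ? "0000" : "4821").toCharArray()) != null));
    }
}
```

In an app the failure counter has to be persisted alongside the hash, otherwise restarting the process resets the count. A PIN that only gates access to a password stored in the clear does not protect against someone who can read the app's storage directly.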

marfl commented 9 years ago

Hi Mark,

I finished coding my "proposal", you can check it out at my fork at https://github.com/marfl/encdroid. I'll be using it in production now and update my fork if I notice any bugs.

Two open issues with the code (that I'm aware of):