Open trymeouteh opened 3 years ago
+1 i think the nice features, because phone the phone can be stolen, unauthorized people can take it and it would be great if, in addition to locking the phone, there would be an option to pin-lock it in the application.
If messages and other Session profile data are stored unencrypted, that is a concern. Issue 1464 in oxen-io/session-desktop also expresses the need to encrypt Session's contents in storage upon logout.
I, too, +1 this and wish for local database encryption which the password is used for like Molly does: https://molly.im/
Here is a good explanation for local database encryption: https://github.com/mollyim/mollyim-android/wiki/Data-Encryption-At-Rest
Signal used to do this by default, but since the Session fork was created after Android 6, where the entirety of the phone's storage was already encrypted using the passphrase, which is when Signal removed the feature, it was not included in Session.
Please implement this feature.
Reposting what I posted by mistake on the desktop repo:
In the FAQ I can read about using a PIN code to encrypt the database. In the settings I see a toggle for locking Session.
When I enabled locking, Session asks me for a fingerprint. But I want to set up a PIN code, not use the same fingerprint I'm using for unlocking the screen :)
Your application can be made even more secure in the event that the user is subjected to physical force (or pressure) and is required to unlock the application. This requires 2 pin codes:
No other messenger existing today has this level of protection.
tracking internally via https://optf.atlassian.net/browse/SES-443
Please allow an setting to add an external PIN or password to the app to allow for additional security.