thunderbird / thunderbird-android

Thunderbird for Android – Open Source Email App for Android (fka K-9 Mail)
https://thunderbird.net/
Apache License 2.0

Biometrics to open the email app #7530

Open FMorschel opened 8 months ago

FMorschel commented 8 months ago

Checklist

App version

6.714

Problem you are trying to solve

I'd like to keep my email more secure. I live in a country where stolen phones are really common. There is a trend of phones being stolen while the owner has them unlocked, and they try not to click on the button to keep the screen on so they can access the data.

Suggested solution

I'd like to propose that the email app has a security feature similar to the one on the desktop app, where there is a need for a password.

My actual request would be to have a password to lock the email app and possibly allow biometrics to unlock it.

There could be a timer to lock it again similar to what WhatsApp already has.

Screenshots / Drawings / Technical details

Options available on WhatsApp as a reference:

Additional information

The last switch was already asked at #7529.

cketti commented 8 months ago

Trying to defend against an attacker that gets access to an unlocked device on an app level is unreasonably costly (in terms of development and maintenance cost) and still leaves you unprotected in case you had the email app open while the device was stolen.

I suggest you look into solutions that can automatically lock your device when it is stolen. E.g. lock the device when the Bluetooth connection to a device that you keep on your body is lost.

FMorschel commented 8 months ago

I'm aware that I would still be unprotected if the email was open, and this exact behaviour of locking the app can be mostly created as well with apps like Kaspersky, which can make apps need a fingerprint or a code to open, but that is still not ideal because when you open the app, sometimes it takes some seconds for the Kaspersky app to lock it.

I would still look into those options you mentioned, of course, but I would really appreciate it if this was at least not discarded up-front. I intend to make some contributions to OSS in the future, but I'm not familiar with Android development specifically yet, so if this issue could stay open here, for someone else to open a PR or even myself in the future, I'd be very grateful.

adingbatponder commented 4 months ago

Essential feature for an email app. Access to email on a stolen phone is catastrophic as email is often used to reset passwords. It also helps if one lends the phone to a child or other person with permission and you do not want them to see your mail or fiddle with it. The Norton app lock is a pain as I'm not sure it uses biometrics.