Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Require login after app returns from background: let user choose if app is locked immediately or after some time #1615

Open
myxmaster opened this issue Aug 23, 2023 · 2 comments · Fixed by #1679
Open

Require login after app returns from background: let user choose if app is locked immediately or after some time #1615

myxmaster opened this issue Aug 23, 2023 · 2 comments · Fixed by #1679
Labels
Feature request New feature request Security

Comments

@myxmaster
Copy link
Contributor

Describe the feature

For general security it is a good idea to let Zeus lock itself (PIN/Biometrics required to open it) when Zeus was in background. But it happens quite often that you just want to copy something from elsewhere and paste it somewhere in Zeus. To make this more convenient, it would be nice if you could configure a time after which Zeus will lock itself, when sent to background.

Android (at least Samsung) has this too (when turning off screen, not screen timeout!): user can choose between immediately, 5/15/30 seconds, 1/2/5/10/30 minutes. So maybe UI could be similar to this.
@myxmaster myxmaster added the Feature request New feature request label Aug 23, 2023
@kaloudis
Copy link
Contributor

let's do it. shouldn't be a big lift

@myxmaster myxmaster mentioned this issue Aug 31, 2023
Closed
This was referenced Sep 17, 2023
Closed
Merged
@myxmaster
Copy link
Contributor Author

myxmaster commented Oct 16, 2023
edited
Loading

The PR must be reverted because it does not work on Android (Android probably stops the timer due to aggressive power management).

There are theoretically three other ways of implementing this which come into my mind:

  1. Save the current timestamp when going to background and compare the new current timestamp when the app is opened again with the saved timestamp to check if the timeout is elapsed. The problem here is that this can be tricked by changing the device system time.
  2. Use the device uptime/boot time instead of the current timestamp and use the same approach as above. This would work, but I did not find a library with acceptable quality.
  • react-native-elapsed-realtime is old (would need another patch to fix build.gradle and does not use AndroidX) and has lots of unnecessary/unused content like resource files (looks unprofessional). react-native-elapsed-realtime-v1 seems to be just a clone.
  • react-native-uptime does not provide the system uptime but some performance data.
  • react-native-device-uptime uses an unsuitable method for iOS according to this issue.
  1. Get the time from a time server. Obviously can't be manipulated but we would be depending on a central server. And also it would not work if there is no internet connection.

If somebody has another idea, please share. I would really like to implement this feature because I think it would improve security since people right now will use less secure passwords/PINs or biometrics or even disable app lock when going to background because they have to unlock the app so often.

@kaloudis kaloudis reopened this Oct 16, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature request New feature request Security
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Security: app lock timeout feature myxmaster/zeus
2 participants
@kaloudis @myxmaster