Lock the android app when returning to foreground #3237

Open
garethbowen opened this issue Mar 15, 2017 · 19 comments
Labels
Type: Security Affects security

Comments

@garethbowen
Member

Implement a PIN (or similar) to unlock access to the app when bringing the app back to the foreground. This will help protect when a phone is borrowed or stolen.

More information

@alxndrsn
Contributor

alxndrsn commented May 1, 2017

This is working. Waiting for @diannakane or @amandacilek for design input.

@sglangevin

@alxndrsn can you provide more detail here? What has been implemented? What input is needed? This is also a significant change that will affect large-scale partners so the roll-out of this feature needs to be done carefully.

@alxndrsn
Contributor

alxndrsn commented May 2, 2017

@sglangevin I'm hoping to demo to someone from the design team, although perhaps you would be more appropriate. If you're interested I can send you a build with the feature enabled and if desired talk you through it.

@sglangevin

I am interested to see a demo soon if we can make time for that. I'd like to understand the details of how it was implemented and what other things we need to do (if any) before it could be rolled out. I'd also like to make sure I'm fully up to speed on how it works so that I can help support the roll-out of this feature. I'll need to know how it would affect existing users vs. new users who are logging in for the first time.

Perhaps we can go through it together and then I can chat with the design team about what is needed from their end? If you're around tomorrow morning your time (tonight my time) we could do it then.

@alxndrsn
Contributor

alxndrsn commented May 6, 2017

@sglangevin I think this is really a design issue now. If designers are using this ticket to track the issue then leave it here; if not, perhaps we can close it?

alxndrsn removed their assignment May 6, 2017

@sglangevin

Normally tickets would be tracked with a design issue first before development, but since we did this in a slightly different order, let me talk to @diannakane and she can provide feedback. Depending on the changes, we can decide whether to open a new issue or continue with this one.

@diannakane

@alxndrsn great initial mockups! I have a few questions and suggestions. @amandacilek has offered to help with final polishing, but if you can take another stab at the UX/UI with these considerations, that'd be helpful.

Overall features and navigation:

  1. How do you get to the menu options?
  2. What is in the “settings” option?
  3. What is “Home”?
  4. How do you recover a forgotten pin?

UI:

  1. The title / instruction, i.e. “confirm code” looks like an editable line. Can we make this more clearly an instruction?
  2. <<X is unclear and doesn’t feel standard (I’m assuming that it deletes, but not sure if it clears the whole entry or just the last digit)
  3. Consider greying out “OK” until the user satisfies the request, e.g. all 4 numbers have been entered
  4. Consider a “clear” button rather than <<X
  5. Make it clear how many digits you are asking the user to select, such as having 4 boxes to indicate 4 digits
  6. Provide more detailed instruction and tips, e.g. “Choose a 4-digit code that you can remember. You will be asked for this every time you open the app. You may change it later.”

cc: @amandacilek

@alxndrsn
Contributor

alxndrsn commented May 15, 2017

@diannakane great feedback, thanks!

> Overall features and navigation:
>
>   1. How do you get to the menu options?

On older phones, you press the hardware menu button. On newer phones, it may be accessible via a long-press of the back button. There's an open issue to deal with this at medic/cht-android#33

>   1. What is in the “settings” option?
>   2. What is “Home”?

Try clicking on them - nothing terrible will happen.

>   1. How do you recover a forgotten pin?

Delete all app data.

Another option might be to phone or visit your branch and get a PUK code issued. This would basically be the same process as re-logging in after re-installing the app, except that you wouldn't need to re-download the whole database again. OTOH it would be a lot more process and involve extra functionality in both the android wrapper and webapp/api.

> UI:
>
>   1. <<X is unclear and doesn’t feel standard (I’m assuming that it deletes, but not sure if it clears the whole entry or just the last digit)

I think it's just <x, but anyway it's supposed to represent , but that character is missing from phones I have tested with (notably Tecno Y4). Apart from this character change, the screen is identical in layout and behaviour to the unlock screen currently in use with LG.

>   1. Consider greying out “OK” until the user satisfies the request, e.g. all 4 numbers have been entered

There's currently no requirement that a PIN should have a specific length. Is this a recommendation for a 4-digit PIN?

>   1. Consider a “clear” button rather than <<X

Backspace seems more intuitive/useful to me, but perhaps because I'm used to Android and iPhone unlock screens, which both have an "erase last-entered number" button. OTOH on iPhone it's actually very annoying...

>   1. Make it clear how many digits you are asking the user to select, such as having 4 boxes to indicate 4 digits

As above, there's no length requirement. From a security point of view, displaying the length of a password is not generally recommended, and sometimes not possible.

>   1. Provide more detailed instruction and tips, e.g. “Choose a 4-digit code that you can remember. You will be asked for this every time you open the app. You may change it later.”

👍 there are a lot of improvements to be made in this area, along with deciding when a user should set their PIN - perhaps it would be part of training.

@sglangevin

> Apart from this character change, the screen is identical in layout and behaviour to the unlock screen currently in use with LG.

What unlock screen are you referring to that is in use? I don't know if I've seen it, but may be misunderstanding.

@alxndrsn
Contributor

alxndrsn commented May 16, 2017

> What unlock screen are you referring to that is in use?

I'm referring to the OS-level lock screen.

@alxndrsn
Contributor

Here's what it looks like on my tecno, if you can make it out:

[Image: img_6548]

alxndrsn self-assigned this May 16, 2017

@sglangevin

We are planning to have the design team work on this before implementing something. As far as I know there are no mockups, just a prototype Android app that @alxndrsn had shared. He can send you the apk if you'd like to see it.

@diannakane

I can't find the prototype that I provided feedback on. @alxndrsn please re-share.

@alxndrsn
Contributor

alxndrsn commented Jul 18, 2017

Should be available in the latest unbranded release at https://github.com/medic/medic-android/releases

alxndrsn removed their assignment Aug 3, 2017

@garethbowen
Member Author

This needs design input before we can proceed any further so I'm removing this from the milestone.

@n-orlowski

@garethbowen can we archive this? Seems to be replaced by #6380

@garethbowen
Member Author

I agree, it's probably a duplicate, however this one is security focussed, and that one is user workflow focussed, so I'd like to keep them both around to ensure that both concepts are considered and tested.
