Expected behavior
Password protection for opening Delta Chat with local data encryption.
Like in Briar app.
Actual behavior
Just open an app without any protection and passwords.
some apps indeed have this feature, but IMO it should not be the responsibility of each app to protect itself, rather the responsibility of the OS.
In previous versions of delta chat I remember that there was this feature but it caused some bugs and issues so it was removed. In addition, the phone should be encrypted at the system level so it is a function, in my opinion, quite superfluous.
In my opinion there should be protection at the app level for cases when you HAVE TO unlock your mobile for some reason and pass it to someone.
sorry to necro, but has there been any movement on this? having a password that isn't tied to devices adds another layer of security, especially on iOS. It's not prohibitively difficult to unlock an iPhone if it has fingerprint set up, so another layer of security would be appreciated.
meanwhile, there is some progress in encrypting the whole database at rest; this is added as an experimental feature. however, that is stuck a bit currently, the few resources available are spent in other areas.
for the concrete iOS thing:
"It's not prohibitively difficult to unlock an iPhone if it has fingerprint set up"
if at risk and you have the phone in your hand for a few seconds, you can quickly press the "on" button six times. that disables fingerprint or Face ID and is helpful in some situations. just in case some readers do not know
this is useful, need it
and in addition to the simple "lock code"
it would be nice to have the option of "another lock code", by entering which we will be logged in to Delta Chat "just like" we "just now" installed it.
with an empty list of contacts...
with an empty list of mail accounts...
i try to explain why "we" want to have "this"
"there" easily can be "situations" when someone "CAN" physically! force you to unlock your phone and unlock your delta.chat - and it is better if there in delta.chat will be "nothing" - no chats, no email - simply empty
encrypting the whole database is good BUT! when many "around you" have physical supremacy over you - encrypting the whole database will not "help us"
I also think that locking the app with a password should be added to DC; many times you have to give your phone to others for some reason, and the phone password is constantly used, so it is easier for other people around you to get it.
This is an app practically based on privacy and security, so this should be an important feature to add.
I agree. The ideal situation is that we have two passwords: the first one opens the application, and the second one erases everything when entered, with hot emails to friends.
At the device level, why not, but I would like another function - if the PIN code is entered incorrectly, all messages will be deleted! That would be correct!
I think for that situation it is better to have some panic button that would uninstall the app completely; that way, when you are forced to unlock the phone, the app isn't even installed, because even the fact of having the app installed and "empty" is already suspicious, more so when this feature eventually becomes known to the people that are forcing you to unlock the phone, and they will just hit you harder to use the real password next time
and such a panic button is something that is already offered by some systems like CalyxOS, which you would want to use anyway in such situations because of the extra security features (auto-reboot if locked for X time etc.)
not something that should be solved in Delta Chat itself
Each profile must be stored in a separate encrypted container. Each profile must have two passwords. The first one is for decryption and opening. The second one is for erasing the contents of this profile.
I think that in addition to increasing privacy, this method of storing profiles in separate encrypted containers will allow us to easily transfer them between devices.
I still think it makes a lot of sense to do something "basic" on the app level. I like how SimpleX does it. Let the user set a PIN (not limited to 4 numbers) to open the app. After they have done that, they also have the option to set a PIN that deletes everything in the app and opens a fresh DC.
Related: Local encryption.
It is recommended that all data stored on smartphones be encrypted using AES before storage, with the AES encryption key being the SHA-256 hash of the user's PIN code.
Briar does something similar; they let you set a password. I don't know if they use the same or a different encryption method than SimpleX.
The functionality of some special actions upon "forced unlock" is often asked for by users of private messengers.
There is an Android app just for the "panic" action. Should be supported in apps like DC.
(I didn't use it)
If there will be a PIN/password lock implemented - please, look into it also.
PIN-protecting the app is a must-have feature, even if the DB is not encrypted.
By profile, do you mean "mail account"? If so - I have like 7 accounts now, so I will need to enter 7 different passwords on app unlock?
There is a much simpler approach: create two databases, and do not show their list in the app; after asking the user for a password, try to unlock both with the given password. This way, the second DB may be used as a dummy, with some perfectly legit chats and groups.
There should be no outside metadata on those DBs, like when those were created or opened for the last time.
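The two-database unlock described in the post above, combined with the PIN-derived AES key from the earlier "Local encryption" post, as an added example that is not Delta Chat's own code: each profile is an AES-256-GCM container, the key is derived from the password with PBKDF2-HMAC-SHA256 (a stretched derivation rather than a bare SHA-256 of the PIN), and Unlock tries the password against every container, so GCM's authentication tag alone decides which one opens. Container, Seal, Unlock and the iteration count are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

// Container is one encrypted profile store. Real and dummy look identical from outside:
// random salt, random nonce, AES-256-GCM ciphertext, and no "created/last opened" metadata.
type Container struct{ Salt, Nonce, Sealed []byte }

// deriveKey is PBKDF2-HMAC-SHA256 (RFC 8018) for a 32-byte key, so one HMAC block suffices.
func deriveKey(pass, salt []byte) []byte {
	mac := hmac.New(sha256.New, pass)
	mac.Write(append(append([]byte{}, salt...), 0, 0, 0, 1)) // salt || block index 1
	u := mac.Sum(nil)
	key := append([]byte(nil), u...)
	for i := 1; i < 600000; i++ { // iteration count is an assumption chosen for the example
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		subtle.XORBytes(key, key, u)
	}
	return key
}
func aead(pass string, salt []byte) cipher.AEAD {
	block, _ := aes.NewCipher(deriveKey([]byte(pass), salt)) // 32-byte key selects AES-256
	g, _ := cipher.NewGCM(block)
	return g
}

// Seal encrypts one profile under pass with a fresh salt and nonce.
func Seal(pass string, data []byte) Container {
	c := Container{Salt: make([]byte, 16), Nonce: make([]byte, 12)}
	rand.Read(c.Salt)
	rand.Read(c.Nonce)
	c.Sealed = aead(pass, c.Salt).Seal(nil, c.Nonce, data, nil)
	return c
}

// Unlock tries pass against every container; GCM's tag check makes a wrong key fail cleanly.
func Unlock(pass string, stores []Container) ([]byte, error) {
	for _, c := range stores {
		if pt, err := aead(pass, c.Salt).Open(nil, c.Nonce, c.Sealed, nil); err == nil {
			return pt, nil
		}
	}
	return nil, errors.New("no profile opens with this password")
}
```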
DC-iOS essentially has a lock function, as iOS allows you to lock apps with a password, TouchID, or FaceID. Apps can also be hidden in a similarly protected folder.