
TouchID protection for App (quirk issue, closed)

flaque avatar flaque commented on June 5, 2024
TouchID protection for App

from quirk.

Comments (18)

Flaque avatar Flaque commented on June 5, 2024 1

> Since we are talking about the most valuable information a human has, his/her thoughts I do not like to give a false sense of security.

Agreed, if it wasn't purely encrypted, it would have to come with a warning.

> If you want to use touchid as an app lock, sure.

I think the use case here is something like this:
You're driving and you get a text. You don't want to answer it while you're driving, so you ask the person in the passenger seat to answer it. You unlock the phone with your thumbprint and hand them the phone. They notice the cute icon and open the app and are now looking through your deep secret thoughts.

from quirk.

idnovic avatar idnovic commented on June 5, 2024 1

yeah, I mean icecream. Come on. Everyone is going to click on that icon :D

from quirk.

Flaque avatar Flaque commented on June 5, 2024 1

☕️🏃‍♂️💨

from quirk.

idnovic avatar idnovic commented on June 5, 2024

#80

from quirk.

Flaque avatar Flaque commented on June 5, 2024

This is something on the roadmap, but some primary questions need to be answered first:

Are we encrypting the data? If so, what's the key? Does a user need to have a pin? What happens if they forget their pin? Is it better to have more secure data or recoverable data? If we're recoverable, how do we inform a user that the data isn't secure?

If we encrypt the data, can we require a password/pin only on reads? If we require a password/pin on writes, then we force a user to fiddle with a password when they go to enter something. Is this even feasible?

from quirk.

pgoodman avatar pgoodman commented on June 5, 2024

I am asking about "authenticating" into the app, rather than protecting the data, which I believe to be an orthogonal issue.

I think there should be an option to enable "authentication" any time the app is first opened, or opened from the background. This does not exist to protect your data from anyone determined. It's more about "feel good" vs. real security, especially if the device is shared among several people.

I think encrypting the data at rest is a separate issue, which is possibly subsumed by full disk encryption if the device supports it and if it is enabled.

from quirk.

idnovic avatar idnovic commented on June 5, 2024

I can only talk in case of iOS.

Let the user decide to lock the app with a (4) digit pin or password.
Optional enable touchid. Pin is obsolete in this case and only used as backup for touchid.

I do not recommend to share devices. These devices are non multi user devices.

After touchid is activated, Quirk can use an encryption key saved in the secure enclave to decrypt the database file. Because touchid is active the user does not need to type a strong password but the fingerprint is used to unlock a strong private key. This strong private key is the password file for another password protected key saved in the app storage. The key saved in the app storage is used for the encryption/decryption of the database/files.

Like luks encryption or gpg. We have encrypted data which is protected by a key. The key itself is stored readable in the private app storage and possibly synced across devices. But instead of the user typing a password we unlock the key with another key inside the hardware secure enclave. The important key is safe and non syncable as far as I know.

user opens quirk on device 1:
pin/strong password #authenticates-> touchid #authenticates-> tpm/secure enclave #generatesOnFirstUse/opens-> hardware bound key #authenticates-> syncable key inside private app storage #decrypts-> encrypted data #>

quirk on device 1 syncs data:
#sync of the encrypted data to iCloud
#sync of the private app key via keychain management to the other device of the user (key is encrypted / password protected)

quirk on device 2:
#give option to enable sync and ask user for pin/strong password from device 1 for the key import
ask for password from device1 #authenticate->touchid #authenticates-> tpm/secure enclave #generatesNewKey-> hardware bound key #add as unlock key-> syncable key inside private app storage (same key as device 1) #decrypts-> encrypted data #>

This way the user can use touchid for comfort. We use hardware secured keys to unlock the encryption key. The user set password is not needed as long as the user does not want to add devices. Maybe offer the user to print the password or save it in password manager. Because if the user forgets the password we can only decrypt the private app key with the hardware bound key. So without the user remembering the password we would lose the data after device reset.

To make it clear. The encrypted data is protected by a key that is password protected inside the private app storage. This key can be decrypted 2 ways, master password from user or by another key saved hardware bound and not exportable inside tpm / secure enclave.

from quirk.
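The key hierarchy described in the comment above, as an added example that is not code from Quirk or from any commenter: one data key wrapped in a password slot and in one slot per device, LUKS-style. The function names, the choice of scrypt and AES-256-GCM, and the random bytes standing in for the enclave/TPM key are all assumptions of this sketch.

```javascript
const { randomBytes, scryptSync, createCipheriv, createDecipheriv } = require("node:crypto");

// AES-256-GCM helpers: seal() returns nonce, ciphertext and tag.
function seal(key, plaintext) {
  const iv = randomBytes(12);
  const c = createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function unseal(key, box) {
  const d = createDecipheriv("aes-256-gcm", key, box.iv);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // throws on a wrong key
}

// Password slot: the wrapping key is derived from the master password.
function passwordSlot(password, dataKey) {
  const salt = randomBytes(16);
  return { salt, box: seal(scryptSync(password, salt, 32), dataKey) };
}
const unlockWithPassword = (password, slot) =>
  unseal(scryptSync(password, slot.salt, 32), slot.box);

// Device slot: deviceKey is a stand-in (assumption) for the non-exportable
// hardware-bound key that is only usable after a successful Touch ID check.
const deviceSlot = (deviceKey, dataKey) => seal(deviceKey, dataKey);
const unlockWithDevice = (deviceKey, slot) => unseal(deviceKey, slot);

function demo() {
  const password = "constructed-master-password"; // constructed sample value
  const dataKey = randomBytes(32); // syncable key that encrypts the data
  const hw1 = randomBytes(32), hw2 = randomBytes(32); // simulated enclave keys
  const vault = {
    data: seal(dataKey, Buffer.from("constructed sample thought")),
    password: passwordSlot(password, dataKey),
    devices: { phone1: deviceSlot(hw1, dataKey) },
  };
  // Device 1, daily use: the hardware key unwraps the data key, no password typed.
  const daily = unseal(unlockWithDevice(hw1, vault.devices.phone1), vault.data).toString();
  // Device 2: password unwraps the synced data key once, then a new device slot is added.
  vault.devices.phone2 = deviceSlot(hw2, unlockWithPassword(password, vault.password));
  const onPhone2 = unseal(unlockWithDevice(hw2, vault.devices.phone2), vault.data).toString();
  // A wrong password, or another device's hardware key, fails the GCM tag check.
  const rejects = (fn) => { try { fn(); return false; } catch { return true; } };
  const wrongPassword = rejects(() => unlockWithPassword("guess", vault.password));
  const wrongDevice = rejects(() => unlockWithDevice(hw2, vault.devices.phone1));
  return { daily, onPhone2, wrongPassword, wrongDevice };
}
console.log(demo());
```

If every device slot is lost (device reset) and the password is forgotten, nothing in `vault` can unwrap the data key, which is the data-loss case the comment describes.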

idnovic avatar idnovic commented on June 5, 2024

As long as an android device offers a tpm the same could be used for android.
Maybe dropbox instead of iCloud. Or gdrive.

Big problem with android are these very unsecure low cost devices. You can not do proper key management without tpm. The alternative is to ask the user every time for the master password when tpm is not available.

from quirk.

Flaque avatar Flaque commented on June 5, 2024

> This does not exist to protect your data from anyone determined. It’s more about “feel good” vs. real security, especially if the device is shared among several people.

I can definitely get behind this. This is probably the easiest to implement and the most useful for the most amount of people.

> I do not recommend to share devices. These devices are non multi user devices.

A lot of people hand their phones and tablets to their spouses and children, which for many people are a subject of their distorted thoughts.

It shouldn’t matter if folks should share devices or not, they are sharing devices, so we should work to make this capable for folks.

> sync of the encrypted data to iCloud

I’m gonna say we should separate syncing data from PIN code lock for the moment. They’re two different features for the moment.

from quirk.

idnovic avatar idnovic commented on June 5, 2024

I moved encryption and sync to a separate issue #99

Since we are talking about the most valuable information a human has, his/her thoughts I do not like to give a false sense of security.

If you want to use touchid as an app lock, sure.
But already setup fingerprint unlocks every app. Means if you share your devices and have finger prints set up from others they are going to be able to unlock quirk

from quirk.

Flaque avatar Flaque commented on June 5, 2024

> I mean icecream. Come on. Everyone is going to click on that icon :D

SO TRUE 😅

from quirk.

pisacode avatar pisacode commented on June 5, 2024

How do we reset pin code if a user forgets it?

from quirk.

idnovic avatar idnovic commented on June 5, 2024

> How do we reset pin code if a user forgets it?

TouchID does not depend on a pin code but on your finger print. But your question is not simple to answer. Basically you work with another authentication method like password reset over email. Or you do not and the data is gone for good. Reset with email works only when you save login information on a server.

from quirk.

pisacode avatar pisacode commented on June 5, 2024

@idnovic Hi,
I asked it because on the project, above the pin lock button it was stated as “the only way to reset the code is to contact support”

from quirk.

Flaque avatar Flaque commented on June 5, 2024

@pisacode --> Did you lose your pincode and need to reset? (Send me an email at [email protected])

from quirk.

pisacode avatar pisacode commented on June 5, 2024

No, I didn’t but I was looking for the method that resets it in the code, however I couldn’t find the way it works.

from quirk.

Flaque avatar Flaque commented on June 5, 2024

@pisacode thaaaattt is because there isn't one at the moment. I have a pretty quick hotfix I can make to add one, but at the moment, there is no way to reset. 😬

from quirk.

pisacode avatar pisacode commented on June 5, 2024

Ohh ok, thanks a lot for the fast reply

from quirk.
