Acceptance Criteria

• Should be able to view FAQs at lockbox.firefox.com/faqs.html
• Should be able to provide feedback at https://www.surveygizmo.com/s3/4713557/Provide-feedback-for-Firefox-Lockbox-Android
• Should open in-app (custom Chrome tab) and not in the default browser like the website links

Visual Design

InVision
FAQ: https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979891_FAQ
Provide Feedback: https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979890_Provide_Feedback

Zeplin
FAQ: https://zpl.io/aRYj40K
Provide Feedback: https://zpl.io/2pOY3j8

Requires #15
Requires #14

placeholder

When I'm done with Firefox Lockbox, and want to remove the app, I want to ensure that my login data is also removed from the app.

When unlinking my account for Lockbox, I should be given a confirmation dialog to ensure that I want to complete the action of blowing away my data on my device.

Acceptance criteria

• Should destroy local Lockbox data, including:
  • settings
  • stored FxA information
  • datastore information
• Should confirm the user truly wants to remove the Firefox Account and all the associated data.
• Should convey that unlinking an account renders the Lockbox app useless until login (eg it’s effectively a reset button)

Visual Design

InVision
https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979893_Account_-_Confirm_Disconnect

Zeplin
https://zpl.io/25qK4xQ

Visual Design

InVision
Account Screen: https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979892_Account
Confirm Unlink: https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979893_Account_-_Confirm_Disconnect

Zeplin
Account Screen: https://zpl.io/beYM3Wz
Confirm Unlink: https://zpl.io/25qK4xQ

Depends on #11

Depends on #111

• upload APK (build 2050) @devinreams
• upload CSV of testers to Closed (Alpha) track @devinreams
• email the testers @sandysage
  • https://docs.google.com/document/d/1Rs5fACrFffWGgiSxf_l6ESUMqTSTxfu7AUXZUMlzDQE
• go back and upload the testers' real Play Store emails @devinreams
  • https://docs.google.com/spreadsheets/d/11cKVr3Os64Mjy_IKW9UWFxmYub-M_PKWyBDm_lSDKwc

There are several spots throughout the app that link off to the internal FAQ for support.

Let's use this description to identify 1) the locations in the app that need to link to the FAQ and 2) the exact URL to link to

• Welcome
  Design: https://zpl.io/VDzrg4v
  Link Text: Learn more
  Link URL: https://lockbox.firefox.com/faq.html#how-do-i-get-my-saved-logins-into-firefox-lockbox

• You're all Set (onboarding confirmation)
  Design: https://zpl.io/V0yxoJQ
  Link Text: 256-bit encryption
  Link URL: https://lockbox.firefox.com/faq.html#what-security-technologies-does-firefox-lockbox-use

• No Entries Found
  Design: https://zpl.io/bAqXRlB
  Link Text: Learn more
  Link URL: https://lockbox.firefox.com/faq.html#how-do-i-enable-sync-on-firefox

• No Matching Entries (when searching)
  Design: https://zpl.io/2j4XN1q
  Link Text: Learn more
  Link URL: https://lockbox.firefox.com/faq.html#how-do-i-create-new-entries

• Entry Detail
  Design: https://zpl.io/2EAZQyl
  Link Text: Learn how to edit this entry
  Link URL: https://lockbox.firefox.com/faq.html#how-do-i-edit-existing-entries

• Send Usage Data
  Design: https://zpl.io/awYA3LK
  Link Test: Learn more
  Link URL: https://lockbox.firefox.com/privacy.html

blocked by #73

Get the remaining methods for Login Store implemented:

• implement touch (likely will dupe #195)
  • "Should track when a username/password are used locally only"
• listen to reset? (maybe happening at #169)
  • "Should clear my local data so when I log in again it's not there again"

Tasks

• requires #41
• requires #42

When I need to access an account, and autofill doesn’t work for me, I want to copy the username or password so that I can easily paste those credentials into the native app or mobile browser where I'm logging in.

Acceptance criteria

• Should be able to copy username from the details view
• Should be able to copy password from the details view
• Should be informed of copied credential
• Should be able to navigate out of the Lockbox app, to either app or mobile browser, to paste copied credentials
• Should know that copy action is available NEW: based on finding from iOS
• Should be removed from the clipboard seen at #49

Visual Design

InVision
Entry Detail: https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979881_Entry_Detail
Copy Username: https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979883_Entry_Detail_-_Username_Copied
Copy Password: https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979882_Entry_Detail_-_Password_Copied

Zeplin
Entry Detail: https://zpl.io/2EAZQyl
Copy Username: https://zpl.io/29Z8mje
Copy Password: https://zpl.io/2EAZQWM

As the product owner, I want to know how users engage with the app to help inform decisions for future effort, while making sure users have control over whether or not their usage data is submitted.

Acceptance criteria

• All events should send Telemetry event data defined by the Mozilla product, data science, and legal teams
• The user should be able to disable usage data collection (Telemetry) via a setting

Engineering email thread about testing Telemetry: https://groups.google.com/a/mozilla.com/d/msgid/mobile-all/CABupmeDgMfjz%3Dqi4m%2B23BP2jL5%2ByQV-eruCcPRUMErQLyUZRZw%40mail.gmail.com?utm_medium=email&utm_source=footer

Requires #15

Acceptance criteria

• Typing in the search bar dynamically changes the list of entries
• Search should filter the URL, username, and entry/title
• The results should appear in the order that they're returned from the database (no additional support for organizing results at this time)
• The cancel button should appear in the search bar when text has been entered
• Tapping the cancel button [X] should clear the current search text & restores the full list of entries
• When focusing on Search, device keyboard should appear
• When focusing on Search, should be presented with a button to cancel [<-] and return to the full entry list
• When focusing on Search, should be able to press the device “Back” button to dismiss the keyboard

Visual Design

InVision
Search Button: https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979873_Entry_List
Search Focused: https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979878_Entry_List_-_Search
Search Text Entered: https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979879_Entry_List_-_Search_-_Filtered

Zeplin
Search Button: https://zpl.io/b6MPKgy
Search Focused: https://zpl.io/VKq1djX
Search Text Entered: https://zpl.io/brNe3Me

Test Rail:
https://testrail.stage.mozaws.net/index.php?/suites/view/3060

Acceptance criteria

• Should be able to manually lock saved logins from the settings page

Visual Design

InVision
https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979874_Entry_List_-_Nav_Drawer

Zeplin
https://zpl.io/bLOR9BJ

Some notes (private) from meeting with localization team:
https://docs.google.com/document/d/1Ek3pxyL_VBa2Amia8rz-qeAaMnUs2CCYL4P2kiWa-pc/edit#

Best practices:
https://developer.mozilla.org/en-US/docs/Mozilla/Localization/Localization_content_best_practices#Land_good_quality_strings

Meeting scheduled for November 30

Depends on #204

Acceptance criteria

• Contents copied to the clipboard should expire after 60 seconds

Depends on #13

Acceptance criteria

• Should be able to sort entries by title alphabetically
• Should be able to sort entries by recently used on mobile (until we can sync “last used”)

Visual Design

InVision
https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979876_Entry_List_-_Sort_Menu

Zeplin
https://zpl.io/aN0Ax9Z

When unlinking my account for Lockbox, I should be given a confirmation dialog to ensure that I want to complete the action of blowing away my data on my device.

Acceptance criteria

• Should confirm the user truly wants to remove the Firefox Account and all the associated data.
• Should convey that unlinking an account renders the Lockbox app useless until login (eg it’s effectively a reset button)

Visual Design

InVision
https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979893_Account_-_Confirm_Disconnect

Zeplin
https://zpl.io/25qK4xQ

Related #9

• sample code to explore: https://github.com/linuxwolf/android-dataprotect
• documented findings: https://mozilla-lockbox.github.io/lockbox-android/architecture/sec-apis/
• user stories documented

When accessing Lockbox, I want to be able to use my fingerprint or device passcode instead of my password for security and convenience.

Acceptance criteria

• Should be able to unlock with fingerprint or pin
• Should prompt for user consent/permission before using per the Android material design guidelines

Tasks:

• requires exploration #29
• launch biometric auth from WelcomeActivity
• successful auth dispatches unlock action

When viewing the entry list, I want to quickly scan the entry list by title (e.g., Facebook instead of https://www.facebook.com or even www.facebook.com), so I can quickly access my username and password for logging in.

Problem: No Entry Name (title) currently available in Saved Logins so we need to derive one

Acceptance criteria

• Should be able to view the list of entries by the origin
• Default alphabetical ordering on the origin should make sense (eg facebook comes before twitter)
• Should not not include the protocol (http://, https://, www.)
• Should not see the suffix or anything after the suffix (.com/{*})
• Should support future goals of editing the entry name

Visual Design

InVision
https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979873_Entry_List

Zeplin
https://zpl.io/b6MPKgy

Considering...

• CI infrastructure (bitrise) #66
• integration testing (espresso)
• Simulator containers ("Virtual Device Testing" step in bitrise)
  • https://discuss.bitrise.io/t/how-to-run-android-ui-tests-on-virtual-devices/2496

Depends on #111
Depends on #36

As a user of a new Android device with Oreo installed, when I need to access an account, I want the app/browser to recognize that I have saved credentials for that form and use those to immediately log in. If the app doesn’t find an exact match, I want to be able to access my list of entries right from the app/browser to select a given entry for filling (in lieu of having an exact match)

Acceptance criteria

• Should be prompted during onboarding to set up autofill for apps and websites (direct user to settings/accessibility area) -- #55
• Should be able to enable autofill for apps and websites from settings screen (direct user to settings area) -- #56
• Should present user with ability to “autofill from Lockbox” when clicking into a username or password field on apps or sites (if enabled). -- #215
• If no match is found, ‘search’ option should open Lockbox app. Not possible
• Should adhere to Android Design Guidelines
• Should honor lock state and settings -- #216
• Display error when attempting to save credentials to Lockbox -- #217

Visual Design

InVision
Initial (1 entry): https://mozilla.invisionapp.com/share/3SN35UHWJDX#/317564412_Autofill_-_App_-_Initial
Initial (multiple entries): https://mozilla.invisionapp.com/share/3SN35UHWJDX#/317564409_Autofill_-_App_-_Initial_-multiple_Entries-
Initial (no matching entries): https://mozilla.invisionapp.com/share/3SN35UHWJDX#/317568427_Autofill_-_App_-_No_Matches
Unlock (fingerprint): https://mozilla.invisionapp.com/share/3SN35UHWJDX#/317564407_Autofill_-_App_-_Unlock_-_Fingerprint
Unlock (Device PIN/Pattern): https://mozilla.invisionapp.com/share/3SN35UHWJDX#/317564414_Autofill_-_App_-_Unlock_-_Device_PIN
Filled: https://mozilla.invisionapp.com/share/3SN35UHWJDX#/317564408_Autofill_-_App_-_Filled

Zeplin
Initial (1 entry): https://zpl.io/2pBe6lE
Initial (multiple entries): https://zpl.io/aNo8g9v
Initial (no matching entries): https://zpl.io/a7ENAJR
Unlock (fingerprint): https://zpl.io/bLD0zx7
Unlock (Device PIN/Pattern): https://zpl.io/b6vEzjg

Engineering Exploration Resources

• Android Autofill Framework
• AutofillService Documentation

Acceptance criteria

• Should provide a way for user to turn on/off biometrics
• confirm enable (see below)

requires #28

Visual Design

InVision
Fingerprint off: https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979885_Settings
Confirm Enable: https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979886_Settings_-_Confirm_Fingerprint
Fingerprint On: https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979887_Settings_-_Fingerprint_Enabled

Zeplin
Fingerprint off: https://zpl.io/awYA3LK
Confirm Enable: https://zpl.io/bWY98Y1
Fingerprint On: https://zpl.io/b6MPKMg

Acceptance criteria

• Should provide a way to skip this step if user chooses not to enable
• On choosing to enable, user should be prompted to authenticate with biometrics
• Only display this to users that:
  1. Have Fingerprint available on their device
  2. Have this feature enabled on their device (have a Fingerprint set).

Make sure that navigating to this screen prevents the user from seeing the ugly webpage error as referenced in #273

requires #28

Engineering Notes

On iOS, this required "pausing" in driving the UI from the datastore state while onboarding. We added a val onboarding: Observable<Boolean> to the RouteStore, and ignored incoming non-onboarding routes while it was true.

Visual Design

InVision
Initial: https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979870_Fingerprint
Error: https://mozilla.invisionapp.com/share/3SN35UHWJDX#/310610373_Fingerprint_-_Error
Success*: https://mozilla.invisionapp.com/share/3SN35UHWJDX#/311048434_Fingerprint_-_Success
*Intent would be that the success message displays, pauses for a second, then transitions to next screen in onboarding (AutoFIll)

Zeplin
Initial: https://zpl.io/VYBxqRk
Error: https://zpl.io/Vk5l1nW
Succes: https://zpl.io/25qK4rW

When use Lockbox to manage my passwords, I want to know my login credentials are secure and only accessible to me. And I want to have full control over that account including seeing the ability to unlink it.

Acceptance criteria

• Should see FxA avatar & email & display name (if set) to see the account linked

Visual Design

InVision
https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979892_Account

Zeplin
https://zpl.io/beYM3Wz

Requires #22

When I want to access an account on a different device, or copy/paste doesn’t work for me, I want to see the password so I can manually enter it to get into my account.

Acceptance criteria

• Should be able to view password from detail view

Visual Design

InVision
Entry Detail: https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979881_Entry_Detail
Password Revealed: https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979884_Entry_Detail_-_Password_Revealed

Zeplin
Entry Detail: https://zpl.io/2EAZQyl
Password Revealed: https://zpl.io/VqE03L4

Acceptance criteria

• Should be able to tap the web URL to get to the app or a link in the user selected default browser via device settings
• Native app launch should be prioritized, regardless of browser selection

Visual Design

InVision
https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979881_Entry_Detail

Zeplin
https://zpl.io/2EAZQyl

When I have no entries saved in my Lockbox app, I need to know how to get credentials on mobile.

Acceptance criteria

• Should prompt for “turn on Sync in Firefox”
• Should inform how to save credentials in Firefox if none saved

Visual Design

InVision
https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979875_Entry_List_-_Empty_State

Zeplin
https://zpl.io/bAqXRlB

Acceptance criteria

• Sign in should happen within the app view

Tasks

• Request OAuth client be provisioned (Details)
• Implement AccountStore using service-firefox-accounts
• FxA login with cancel button

Visual Design

InVision
FxA Auth (email first flow): https://mozilla.invisionapp.com/share/3SN35UHWJDX#/311586971_FxA_-_Email

Zeplin
FxA Auth (email first flow): https://zpl.io/blpW3DG

We need to communicate and support users to set this up without requiring device authentication to use the app.

Requirements

• display the passcode prompt (when appropriate) on Get Started button tap in the welcome page
• if the user taps Skip, just route to FxA
• if the user hits set passcode, route to the settings page and remain on the welcome screen in the application
• don't bother storing the Skip preference, just launch it (when warranted) every time the user hits Get Started

Engineering Notes

On iOS, this required "pausing" in driving the UI from the datastore state while onboarding. We added a val onboarding: Observable<Boolean> to the RouteStore, and ignored incoming non-onboarding routes while it was true.

Make sure that navigating to this screen prevents the user from seeing the ugly webpage error as referenced in #273

Visual Design

InVision
https://mozilla.invisionapp.com/share/3SN35UHWJDX#/312603009_No_PIN

Zeplin
https://zpl.io/agvL3GN

Depends on #70
Depends on #30

Acceptance criteria

• Should be able to set a timer to lock saved logins
• Should default to being on
• Should be able to set via the settings page (onboarding is different story)
• Should be able to unlock from the same UI as signing in for the first time (until there is a use case for those to be different)
• Should default to 5 minutes until the user sets the timer*
• Should not take effect while in the foreground
• Should start when moved to the background
• Should start when quit

Visual Design

InVision
Auto lock dialog: https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979888_Settings_-_Auto_Lock

Zeplin
Auto lock dialog: https://zpl.io/bLOR9BJ

Engineering Considerations

• Use absolute UTC date/times for the autolock time
• Calculate and set the autolock time when:
  • the app first starts
  • the app goes into the background (including when the screen goes to sleep)
  • the autolock setting is changed
  • the app transitions to a new activity/fragment (e.g., list view to detail view)
• Assume the app is in the locked state until the autolock time can be compared to the current time

placeholder for initial design efforts

• Test Device Setup
• App audit on Pinterest

Acceptance requirements

• How automatically? TBD

Acceptance criteria

• When signing in to FxA and email authentication is required, should display an affordance to user letting them know to check their email to confirm their account.

As a user I will get an email confirm/pin and need to enter it before syncing can actually begin.

If I leave or close app or it crashes, I expect the app to gracefully allow me to (start over|resume) the sign in process.

This issue will also handle the reload behavior when cancelling out of FxA login using the "x" button on the upper right.

When I need to access an account, I want to see an entry's details to either copy credentials to my clipboard or view the username / password, so that I can easily put those credentials into the app or mobile browser.

Acceptance criteria

• Should have a details view with all relevant details including title, URL, username, password (not revealed by default)
• Should be informed about how to edit/delete

Visual Design

InVision
https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979881_Entry_Detail

Zeplin
https://zpl.io/2EAZQyl

When I want to customize my in app experience, I need to easily find those settings clear instructions for how to curate my in-app settings as well as delete my account.

Acceptance criteria

• Should be able to close out of the settings view to get back to the entry list
• Should be easily accessible from Navigation Drawer
• Should include the setting option list of
  • Turn On/Off Fingerprint
  • Change Auto Lock timer
  • Turn On/Off AutoFill (this will actually just display whether the setting is turned on/off in settings. tapping this toggle would route the user to the setting on their device)
  • Turn On/Off Sending Usage Data
  • Display the App Version

Visual Design

InVision
https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979885_Settings

Zeplin
https://zpl.io/awYA3LK

Remaining engineering todos:

• toggle cell with link
• app version
• force cast in SettingFragment
• SettingPresenter test
• settingListAdapter test
• sectionlistadapter test
• check bitrise

Because mobile access is complementary to the browser experience, I want to retrieve logins that I have already saved, and need to understand what is required to do that (having saved logins in Firefox, FxA + Sync enabled)

Acceptance criteria

• Should provide instruction to get a Firefox account & enable Sync
• Should provide context of what saved logins are in the browser, in case none are saved
• Content should provide context around safety and security

Make sure that navigating to this screen prevents the user from seeing the ugly webpage error as referenced in #273

Visual Design

InVision
https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979872_Onboarding_Confirmation

Zeplin
https://zpl.io/V0yxoJQ

Depends on #30

Acceptance criteria

• Should reinforce value prop
• Should understand the requirements to using the app
  • a Firefox Account with saved logins (and Sync enabled?)
• Should have one call to action to 'get started'

Visual Design

InVision
https://mozilla.invisionapp.com/share/3SN35UHWJDX#/310349653_Welcome

Zeplin
https://zpl.io/VDzrg4v

As a user I want to disable the ability to send usage / Telemetry data to Mozilla Firefox.

Acceptance Criteria

• Should use the same style as Firefox Android.
• Should default “Send Usage Data” to enabled.
• If disabled, should stop sending any and all events.

Visual Design

InVision
https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979885_Settings

Zeplin
https://zpl.io/awYA3LK

depends on #6

• security review from sec eng team
  • 📆 scheduled January 21, 2019
  • (private) https://docs.google.com/document/d/16R-GqBAeXs70p7Hkj-BmRczirkGuJIyknRuIexbtlwY/edit
• security testing from sec PI team
  • 🐛 https://bugzilla.mozilla.org/show_bug.cgi?id=1519765

When loading up my entries for the very first time, I should be given an affordance of something happening within the app, e.g., a loading indication, if it takes more than two seconds to load and import the data into the app.

Acceptance criteria

• Should default display loading screen everytime
• Should not be able to perform any list actions such as search or sort during this interaction
• Should be able to navigate to Settings even when loading indication appears

Visual Design

InVision
https://mozilla.invisionapp.com/share/3SN35UHWJDX#/310347758_Entry_List_-_Syncing

Zeplin
https://zpl.io/Vk5l1KL

Requires #43
Depends on #244

• Icon
• Feature graphic
• Video
• Screenshots
• Description
• Localizations

image assets.zip

Upon signing into the Lockbox app, I want to see a list of all my saved entries, by origin name/title. This is so I can easily find an entry, by scrolling, searching, or filtering, to get to that credential quickly.

Acceptance criteria

• Should be able to view the list of entries by the origin
• Default alphabetical ordering on the origin should make sense (eg facebook comes before twitter)

Visual Design

InVision
https://mozilla.invisionapp.com/share/3SN35UHWJDX#/309979873_Entry_List

Zeplin
https://zpl.io/b6MPKgy

Depends on #160

• first run and document findings against accessibility scanner #200 #201
• first run and document findings while using TalkBack #223
• first run and document findings from adjusting font size 🆗
• document test plan (incorporate the existing accessibility doc stuff) #224
• re run the test plan #225

Actually use the sync keys to get and store data locally and expose in app.

To access my saved logins, I want to safely log into my account and access the common list of entries, confident that my passwords are secure.

Acceptance criteria

• Should sync with existing store of saved credentials from Firefox in read-only state
• Should sync remote updates (add new, edit, delete) as Sync currently provides for multi-device password sync.
• Should track when a username/password are used locally only #40 will implement touch

Requires #22