Signal-android: [UX] Passphrase-protect and hide only "sensitive" contacts.

Created on 4 May 2017 · 3 Comments · Source: signalapp/Signal-Android

As part of an intermediate threat level(?) model, I'd like to have - like in GO SMS Pro, for example - the passphrase-protection apply only to a subset of my contacts/conversations, which should not affect normal usage of the app for the rest of the conversations in any way. The "sensitive" conversations should only show up and be available to interact with when the passphrase is entered.

For this to happen, of course, there needs to be an entirely different handling of the passphrase-protection (or just a new dedicated contacts-hiding passphrase mechanism?) where it doesn't auto-lock the whole app but only some conversations. In this case I should have something like an Unlock option in the Settings menu rather than as the first thing shown on app launch.

The scenario I'm thinking of is probably a quite common one, where you expect to forget your phone on a table somewhere and to have people looking through it while you're gone. In that case it's not much of a problem if they can get past the lockscreen but it becomes more important that a few apps or app sections holding sensitive information be really locked down with something more complicated than what's typically available as a screen locker. (If I complicate the screen locker by making it a long PIN or passphrase I severely reduce the usability of my phone, and in my opinion it's the same with my SMS handling app, which should be able to deal with "innocuous" conversations quickly and easily even if I have other conversations that I want to keep under a tighter lock.)

As for new message notifications from the hidden contacts, they should have some generic new-message text that doesn't disclose either the contact's name or the contents of what they've sent you.

All 3 comments

The current plan seems to be to phase out passphrase protection when Android introduces decent encryption and this encryption is widely used. So I don't think the time to introduce this would be time well spent.

Encryption is not what this issue is about, it's user experience: what I have to do to keep the encrypted content locked (and which content that is). If anything, it's bad news for me that because Android will encrypt everything Signal (and possibly other apps) will now remove functionalities and force me to make my entire device harder to access (by complicating the screen unlock process) just to benefit from that encryption.

@donjoe0

If anything, it's bad news for me that because Android will encrypt everything Signal (and possibly other apps) will now remove functionalities and force me to make my entire device harder to access (by complicating the screen unlock process) just to benefit from that encryption.

I can sign that. I think it is a really bad idea to remove the local encryption in Signal and let the os handle it. There are several reasons why. And this is one.

Here are a lot more:

https://whispersystems.discoursehosting.net/t/passphrase-encryption-only-for-message-contents/917

Anyway, let's open this one in the community forum. The developers are being notified per email in GitHub about posts and this is not a discussion forum.
