Signal-android: Automatically check verification status after qrcode scan

Created on 19 Jun 2017  路  4Comments  路  Source: signalapp/Signal-Android

Backgrund: PR https://github.com/WhisperSystems/Signal-Android/pull/6731.

This could be automated like this:

  1. The QR code contains the safety number and a random password, valid only while the QR code page is open;
  2. Device A scans Device B's QR code, checks the number, marks it as "verified" and sends an acknowledgement message to device B, authenticated by the temporary password;
  3. If the password matches, device B sets the number as verified too, as the acknowledgement message can only come from a device that physically scanned the QR code.

https://github.com/WhisperSystems/Signal-Android/issues/1016 deserves some love too.

Thanks @moxie0 for the great features 4.7.0 brought.

Edit: thinking about it, the "temporary password" probably doesn't need to be temporary at all, just random and per-contact.

picture paride
👍1

Most helpful comment

@moxie0 I understand, anyway as you asked for feedback here is mine, after showing the feature to some tech-savvy friends.

  • People are getting confused by the toggle not switching to "verified" after a QR scan, as if something went wrong;
  • Almost nobody understands that one scan is sufficient, normally user A verifies, toggles "verified" and then user B does the same, scanning the code a second time with their device.
picture paride on 20 Jun 2017
👍3

All 4 comments

Thanks but I don't think we want to do this for now, maybe we'll look at it sometime in the future

moxie0 picture moxie0 on 20 Jun 2017
😕3

imo, it's very strange that after succeeded SN check animation the "verified" toggle button is still unchecked

ghost picture ghost on 20 Jun 2017
👍3

@moxie0 I understand, anyway as you asked for feedback here is mine, after showing the feature to some tech-savvy friends.

  • People are getting confused by the toggle not switching to "verified" after a QR scan, as if something went wrong;
  • Almost nobody understands that one scan is sufficient, normally user A verifies, toggles "verified" and then user B does the same, scanning the code a second time with their device.
paride picture paride on 20 Jun 2017
👍3

I think that upon successful QR scan (getting bit green checkmark) the verification on that device should be toggled automatically. It's more intuitive for the users.

The lack of automation creates the impression that the QR scan is not sufficient, and other criteria should be met to "properly verify". People are confused by it. Manual override option should be the "extra option", not the default.

Regarding the second device: single scan actually is a valid confirmation for both phones, so why should only one side be automated? Well, remote verification may be tricky, and there is no harm in "double-sided" scan to verify both sides.
So IMHO automating scanner-side verification will be a simple change with a decent UX boost.

scienmind picture scienmind on 5 Jul 2017
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

jult picture jult  路  3Comments
ilikenwf picture ilikenwf  路  3Comments
Dyras picture Dyras  路  3Comments
notthematrix picture notthematrix  路  3Comments
FeuRenard picture FeuRenard  路  3Comments