Revision history [back]
 | 1 | initial version | posted 2015-03-15 20:02:38 +0200  |
[Feature-Request] API to enable Developers to Use Device Lock Code
Now, many here (including me) have already requested that they would like it if particular apps could be password protected and only open when the right passcode is entered.
I noticed that if you have enabled device lock code and try to enable 'Developer Mode', Sailfish immediately asks you to enter the security code first. So I suggest that you extend this and offer it as an API for other apps too.
This way, if a developer wishes to add password protection features in his / her app, they can then simply call this API. (And it could work the same way it does with enabling or disabling the 'developer mode' option - wherever the developer has used the API, the device lock code should be asked from the user.)
Otherwise, a developer may end up rewriting their own insecure version of it (or worse still, not bother because of the work involved). Another plus of such an API - as a user, I would trust (and expect) a Jolla API for this to be the more secure option.
Note: I still believe that as part of their initiative to secure Jolla, they should still offer a Sailish OS feature to password protect an app by the USER of the phone. But my suggestion here could provide a quick-fix temporary solution, and is, I believe, a useful feature for developers too as it makes their job easier.
| | 2 | No.2 Revision |
[Feature-Request] API to enable for Developers to Use Add Device Lock CodeCode to Apps
Now, many here (including me) have already requested that they would like it if particular apps could be password protected and only open when the right passcode is entered.
I noticed that if you have enabled device lock code and try to enable 'Developer Mode', Sailfish immediately asks you to enter the security code first. So I suggest that you extend this and offer it as an API for other apps too.
This way, if a developer wishes to add password protection features in his / her app, they can then simply call this API. (And it could work the same way it does with enabling or disabling the 'developer mode' option - wherever the developer has used the API, the device lock code should be asked from the user.)
Otherwise, a developer may end up rewriting their own insecure version of it (or worse still, not bother because of the work involved). Another plus of such an API - as a user, I would trust (and expect) a Jolla API for this to be the more secure option.
Note: I still believe that as part of their initiative to secure Jolla, they should still offer a Sailish OS feature to password protect an app by the USER of the phone. But my suggestion here could provide a quick-fix temporary solution, and is, I believe, a useful feature for developers too as it makes their job easier.
| | 3 | No.3 Revision |
[Feature-Request] API for Developers to Add Device Lock Code to Apps
Now, many here (including me) have already requested that they would like it if particular apps could be password protected and only open when the right passcode is entered.
I noticed that if you have enabled device lock code and try to enable 'Developer Mode', Sailfish immediately asks you to enter the security code first. So This is perfect, and I suggest that you extend this and offer it as an API for other apps too.
This way, if a developer wishes to add password protection features in his / her app, they can then simply call this API. (And it could work the same way it does with enabling or disabling the 'developer mode' option - wherever the developer has used the API, the device lock code should be asked from the user.)
Otherwise, a developer may end up rewriting their own insecure version of it (or worse still, not bother because of the work involved). Another plus of such an API - as a user, I would trust (and expect) a Jolla API for this to be the more secure option.
Note: I still believe that as part of their initiative to secure Jolla, they should still offer a Sailish OS feature to password protect an app by the USER of the phone. But my suggestion here could provide a quick-fix temporary solution, and is, I believe, a useful feature for developers too as it makes their job easier.
| | 4 | No.4 Revision |
[Feature-Request] API for Developers to Add Device Lock Code to Apps
Now, many here (including me) have already requested that they would like it if particular apps could be password protected and only open when the right passcode is entered.
I noticed that if you have enabled device lock code and try to enable 'Developer Mode', Sailfish immediately asks you to enter the security code first. This is perfect, and I suggest that you extend this and offer it as an API for use in other apps too.
This way, if a developer wishes to add password protection features in his / her app, they can then simply call this API. (And it could work the same way it does with enabling or disabling the 'developer mode' option - wherever the developer has used the API, the device lock code should be asked from the user.)
Otherwise, a developer may end up rewriting their own insecure version of it (or worse still, not bother because of the work involved). Another plus of such an API - as a user, I would trust (and expect) a Jolla API for this to be the more secure option.
Note: I still believe that as part of their initiative to secure Jolla, they should still offer a Sailish OS feature to password protect an app by the USER of the phone. But my suggestion here could provide a quick-fix temporary solution, and is, I believe, a useful feature for developers too as it makes their job easier.
| | 5 | No.5 Revision |
[Feature-Request] API for Developers to Add Device Lock Code to Apps
Now, many here (including me) have already requested that they would like it if particular apps could be password protected and only open when the right passcode is entered.
I noticed that if you have enabled device lock code and try to enable 'Developer Mode', Sailfish immediately asks you to enter the security code first. This is perfect, and I suggest that you extend this and offer it as an API for use in other apps too.
This way, if a developer wishes to add password protection features in his / her app, they can then simply call this API. (And it could work the same way it does with enabling or disabling now as in the 'developer mode' option - wherever the developer has used called the API, the device lock code should be asked from the user.)
Otherwise, a developer may end up rewriting their own insecure version of it (or worse still, not bother because of the work involved). Another plus of such an API - as a user, I would trust (and expect) a Jolla API for this to be the more secure option.
Note: I still believe that as part of their initiative to secure Jolla, they should still offer a Sailish OS feature to password protect an app by the USER of the phone. But my suggestion here could provide a quick-fix temporary solution, and is, I believe, a useful feature for developers too as it makes their job easier.
| | 6 | No.6 Revision |
[Feature-Request] API for Developers to Add Device Lock Code to Apps
Now, many here (including me) have already requested that they would like it if particular apps could be password protected and only open when the right passcode is entered.
I noticed that if you have enabled device lock code and try to enable 'Developer Mode', Sailfish immediately asks you to enter the security code first. This is perfect, and I suggest that you extend this and offer it as an API for use in other apps too.
This way, if a developer wishes to add password protection features in his / her app, they can then simply call this API. (And it could work the same way it does now as in the 'developer mode' option - wherever the developer has called the API, the phone device lock code should be asked from the user.)
Otherwise, a developer may end up rewriting their own insecure version of it (or worse still, not bother because of the work involved). Another plus of such an API - as a user, I would trust (and expect) a Jolla API for this to be the more secure option.
Note: I still believe that as part of their initiative to secure Jolla, they should still offer a Sailish OS feature to password protect an app by the USER of the phone. But my suggestion here could provide a quick-fix temporary solution, and is, I believe, a useful feature for developers too as it makes their job easier.
| | 7 | No.7 Revision |
[Feature-Request] API for Developers to Add Device Lock Code to Apps
Now, many here (including me) have already requested that they would like it if particular apps could be password protected and only open when the right passcode is entered.
I noticed that if you have enabled device lock code and try to enable 'Developer Mode', Sailfish immediately asks you to enter the security code first. This is perfect, and I suggest that you extend this and offer it as an API for use in other apps too.
This way, if a developer wishes to add password protection features in his / her app, they can then simply call this API. (And it could work the same way it does now as in the 'developer mode' option - wherever the developer has called the API, the phone device lock code should be asked from the user.)
Otherwise, a developer developers may end up rewriting their own insecure version of it this feature (or worse still, not bother because of the work involved). Another plus of such an API - as a user, I would trust (and expect) a Jolla API for this to be the more secure option.
Note: I still believe that as part of their initiative to secure Jolla, they should still offer a Sailish OS feature to password protect an app by the USER of the phone. But my suggestion here could provide a quick-fix temporary solution, and is, I believe, a useful feature for developers too as it makes their job easier.
| | 8 | retagged |
[Feature-Request] API for Developers to Add Device Lock Code to Apps
Now, many here (including me) have already requested that they would like it if particular apps could be password protected and only open when the right passcode is entered.
I noticed that if you have enabled device lock code and try to enable 'Developer Mode', Sailfish immediately asks you to enter the security code first. This is perfect, and I suggest that you extend this and offer it as an API for use in other apps too.
This way, if a developer wishes to add password protection features in his / her app, they can then simply call this API. (And it could work the same way it does now as in the 'developer mode' option - wherever the developer has called the API, the phone device lock code should be asked from the user.)
Otherwise, developers may end up rewriting their own insecure version of this feature (or worse still, not bother because of the work involved). Another plus of such an API - as a user, I would trust (and expect) a Jolla API for this to be the more secure option.
Note: I still believe that as part of their initiative to secure Jolla, they should still offer a Sailish OS feature to password protect an app by the USER of the phone. But my suggestion here could provide a quick-fix temporary solution, and is, I believe, a useful feature for developers too as it makes their job easier.
| | 9 | No.9 Revision |
[Feature-Request] API for Developers to Add Device Lock Code to Apps
Now, many here (including me) have already requested that they would like it if particular apps could be password protected and only open when the right passcode is entered.
I noticed that if you have enabled device lock code and try to enable 'Developer Mode', Sailfish immediately asks you to enter the security code first. This is perfect, and I suggest that you extend this and offer it as an API for use in other apps too.
This way, if a developer wishes to add password protection features in his / her app, they can then simply call this API. (And it could work the same way it does now as in the 'developer mode' option - wherever the developer has called the API, calls the API in the app, the phone device lock code should be asked from the user.)
Otherwise, developers may end up rewriting their own insecure version of this feature (or worse still, not bother because of the work involved). Another plus of such an API - as a user, I would trust (and expect) a Jolla API for this to be the more secure option.
Note: I still believe that as part of their initiative to secure Jolla, they should still offer a Sailish OS feature to password protect an app by the USER of the phone. But my suggestion here could provide a quick-fix temporary solution, solution, and is, I believe, a useful feature for developers too as it makes their job easier.
Use case:
(1) Developer wishes to ensures that only an authenticated user (the phone owner) can open and use the app.
(2) Developer wishes to ensure that only an authorized user can makes changes to the app and / or access the app data.
My quick-fix suggestion is for use case 1.
As suggested above, extend the phone device lock code and provide it as an API for developers to add a simple authentication method for opening apps. The API only needs to provide a boolean value indicating whether the user entered the correct code. (The phone lock method can handle all user error . If the user taps 'Cancel' in the phone lock view, the API should automatically terminate the app that called it).
Pseudo-code -
/* call api */
user.authenticated = os.app.secure.open()
/* verify authentication */
if (user.authenticated == True) {
// run app
}
Use case 2 may need architectural change in Sailfish OS (for example sandboxing each app and its data like ios does). And encryption to protect user data and so on ...