os-issue-tracker icon indicating copy to clipboard operation
os-issue-tracker copied to clipboard
verified publisher icon GrapheneOS

Add password protection for certain actions

Open An-anonymous-coder opened this issue 1 year ago • 0 comments

A fitting addition to the Exploit protection settings would be to add device password protection for certain sensitive apps. It's not hard to imagine someone snatching your phone while it's unlocked, having an unlocked phone taken under duress, or simply forgetting to lock your phone. No matter how it happens, an unlocked phone is a common thing that happens, no matter how short your screen timeout is. I propose that there should be device password protections for some actions that could compromise privacy or security, such as:

  1. Installing apps. Apple has this feature for iPhones. It makes it significantly harder to install any malicious apps this way.
  2. Changing the "Install unknown apps" permission
  3. Changing network settings (to prevent setting a malicious DNS)
  4. Uninstalling apps
  5. Changing notification settings (suppose you had an app such as an antivirus which notifies you of malicious activity)
  6. Screen timeout settings
  7. Enabling secondary on-screen keyboards

Those are just a few, but you get the idea. Adding this second authentication adds a layer of protection even if someone has your phone unlocked. These protections should be customizable, to remove some annoyances. This is also a good place to add customization for per-app locks, which I'm sure has already been suggested.

An-anonymous-coder avatar Oct 22 '24 01:10 An-anonymous-coder