
Add Password protection option

Open MoDevby opened this issue 6 years ago • 4 comments

Close #187

MoDevby avatar Jan 22 '19 03:01 MoDevby

I'll take a look at your change in a bit. The build failure is from the findbugs task, which runs the FindBugs Java static analysis tool. Could you run that tool locally to see if it is pointing out any bugs or issues that need to be addressed? To run it:

./gradlew findbugs

brarcher avatar Jan 22 '19 06:01 brarcher

FYI, I was able to bypass the password protection in the following ways:

  1. When the password prompt is shown press "back". This leads to the main activity without requiring the password.
  2. Add an icon to the home screen. Long press the icon. This brings up a static menu to add a revenue or expense. Clicking on either opens the TransactionViewActivity without requiring a password.

brarcher avatar Jan 22 '19 07:01 brarcher

Looking over most of the changes and playing with it on an emulator, I understand the change is focused on preventing a user from accessing the application rather than protecting the underlying data. I would support a change to encrypt the underlying data, which would require a password to unlock. Further, the key would need to be stored in Android's Keystore. If you are interested in pursuing this change I can help with advice and code reviews. I've not used the Java Keystore APIs before, so perhaps we can learn together.

I appreciate your sending the changes you have. The nature of the proposed changes I'll not be able to accept, however, as they only attempt to hide the data rather than encrypting it.

brarcher avatar Jan 23 '19 05:01 brarcher

> FYI, I was able to bypass the password protection in the following ways:
>
> 1. When the password prompt is shown press "back". This leads to the main activity without requiring the password.
> 2. Add an icon to the home screen. Long press the icon. This brings up a static menu to add a revenue or expense. Clicking on either opens the TransactionViewActivity without requiring a password.

1. I solved this by using startActivityForResult as suggested by you.
2. I intentionally want this behaviour, as if you remember from the discussion in my request #187, the whole goal is to prevent the peeking into the financial info, but adding an expense or revenue shouldn't be a problem (especially as these are shortcuts; they should be for fast actions, so no password protection is needed here).

MoDevby avatar Apr 02 '19 16:04 MoDevby