android icon indicating copy to clipboard operation
android copied to clipboard
verified publisher icon nextcloud

Warn when using an unencrypted (non-HTTPS) server connection (Add connection security status icon)

Open grazing-llama opened this issue 7 years ago • 1 comments

First, Nextcloud is awesome! Keep up the good work!

Actual behaviour

When using the Nextcloud app to connect to a Nextcloud server over an unencrypted connection, the user is not warned that the connection is not secure. This does not happen at first nor subsequent logins.

Expected behaviour

When a user attempts to connect to a Nextcloud server over an unencrypted connection, the user should be warned that their connection is not protected/private, and that their data is at risk. Currently the app does display this kind of warning when connecting to a server that has a self-signed certificate. So I think it makes sense to also warn when encryption is not in use at all.

One could argue that a user should already know if a server is using encryption based on the connection information they enter, or that Nextcould should never be available over an unencrypted channel, and I would have to agree. But I still think they deserve the warning.

UI Suggestion:

Add an icon or some other indication that the connection to the server is secure. or Add an icon or some other indication only when the connection is not secure.

Steps to reproduce

  1. Set up Nextcloud, but do not configure encryption (https) on the web server.
  2. As admin, set up a new user.
  3. Use the Nextcloud Android app to connect to the server and log in for the first time as the new user.
  4. Observe that no warning is presented to the user regarding the lack of connection security.
  5. After the initial log-in, restart the app to reconnect.
  6. Observe that no warning is presented.

Environment data

Android version: 6.0

Device model: (Generic)

Stock or customized system: Stock

Nextcloud app version: 3.3.0

Nextcloud server version: 14

grazing-llama avatar Sep 20 '18 22:09 grazing-llama

GitMate.io thinks possibly related issues are https://github.com/nextcloud/android/issues/2959 (Feature request: connection status), https://github.com/nextcloud/android/issues/781 (add icons to website/twitter on user info screen), https://github.com/nextcloud/android/issues/658 (Server not in "trusted_domain" fails silently on connection), https://github.com/nextcloud/android/issues/2917 (Add "loading" icon for slow server backends in sharing), and https://github.com/nextcloud/android/issues/616 (Need feedback on server connection).

nextcloud-android-bot avatar Sep 20 '18 22:09 nextcloud-android-bot