termux-api icon indicating copy to clipboard operation
termux-api copied to clipboard

Published 20 hours ago verified publisher icon termux

Create a lock device API call

Open sergimn opened this issue 3 years ago • 5 comments

Feature description Allow Termux to immediately lock the device upon calling a termux-* command. Not sure if it's possible, but it would be a nice addition. The main use could be in case the phone gets stolen and loses connectivity with a BLE device (like a smart watch) or some app that allows to call Termux scripts requires it, the device could be locked. It would also be nice if the "Lockdown Mode" could be activated.

Background information Have you checked if the feature is accessible through the android API? This post from 10 years ago describes how to do it. Not sure if the current API still supports it and the security implications of allowing this. Do you know of other open-source apps that has a similar feature as the one you want? (Provide links) I don't :slightly_frowning_face:

sergimn avatar Mar 21 '21 00:03 sergimn

Neamar/KISS does this: https://github.com/Neamar/KISS/blob/ac1bb6e7644c04267e3ee5e02ebddafd4a6c90d6/app/src/main/java/fr/neamar/kiss/forwarder/ExperienceTweaks.java#L110

xalexalex avatar Mar 21 '21 10:03 xalexalex

Hey, thanks for considering the issue

I've been taking a look and it seems that KISS uses an accessibility service and for what I read it seems that if implemented this way, Termux would be able to control the whole system. I'm not sure if there is a way to make sure this feature does not have a negative impact on the security of the phone but if accessibility features are a "all or nothing" and not modular maybe the community should decide if it's worth to implement this and under what conditions.

sergimn avatar Mar 22 '21 00:03 sergimn

It "could" result in trouble.

https://www.xda-developers.com/google-threatening-removal-accessibility-services-play-store/

agnostic-apollo avatar Mar 22 '21 01:03 agnostic-apollo

I was more worried about the fact that if we allow Termux to be an accessibility service, nothing would stop anyone to try to hijack devices that download scripts on the internet (And it seems like lots of people do this).

I know nothing about Android architecture so maybe this won't solve the problem but would creating a (yet another) new app called something like "Termux:Lock" that its only purpose is to lock the device and only give accessibility permissions to that app, thus not allowing anyone to exploit the device as the only thing they can interact with is the Locking app.

This could introduce problems as well. Someone could create a script that locks the device the moment it's unlocked so the functionality should support some kind of rate limiting to not abuse the feature against the user.

sergimn avatar Mar 23 '21 15:03 sergimn