Security


Would you like this feature implemented?

  1. Yes

    1 vote(s)
    100.0%
  2. No

    0 vote(s)
    0.0%
  3. Indifferent

    0 vote(s)
    0.0%

Last Updated:

  1. andyzammy

    andyzammy Member This Topic's Starter

    Joined:
    May 12, 2010
    Messages:
    21
    Likes Received:
    0
    This is more of a feature request for the OS rather than a specific application request. The reason for this request is that right now, as more and more of the internet is becoming increasingly easier to access from our mobile phones, the sensitive information they hold is not secure enough.

    My primary concern here is passwords. The easiest way to navigate your regular haunts on your mobile is to let the browser remember your password, so you have immediate access in just one click. This is also preferable to typing in your login info each time because when you actually type your password in (I'm thinking of touch screen keyboards here), the letters you press are visible to all who bother to look at your screen when you're typing it in.

    Now, there is already a solution in place for this problem, and that is to set a password/pin code/pattern lock on your screen, so that only you can access your phone. However I don't think that is the best possible solution available to an Open Source OS. This solution still binds your phone (I will explain that in a minute).

    There are several scenarios when you might lend your phone to your friends, or even complete strangers (rarer but possible), or even if your phone is stolen from you, it is perfectly plausible that for whatever reason, somebody else will/can be in possession of your phone. During this time, if your phone is unlocked to them, they have complete access to your info/passwords/email accounts to which those passwords are connected. Put simply, I don't want this. It can result in things like the relatively harmless Facebook status update, to the very serious situations involving money (bank, paypal, ebay, all accessible). None of these situations are desirable.

    I would like to add some sort of security measure to prevent situations like this from happening. I've not looked at android source code so I'm not even sure if something like this is possible, but what I have in mind is some sort of profiling feature, like you would have on a PC. Except for that instead of having multiple user accounts, there would be two profiles: My profile, and a Public profile.

    Now while I mentioned the similar concept of a PC users, there would only be one user of my phone - me. So there wouldn't be multiple user doc's (eg /home/my_docs, /home/my_friends_docs), no multiple contact lists, no two sets of apps, none of that in this concept. The only difference there should be in the two profiles, is that the Public profile won't use any of MY info in the web browser, any files/media I mark as sensitive won't show up in the Public profile etc, and won't have app installation/removal rights. The point of this feature is to give me piece of mind that if/when I hand my phone to somebody, all my personal information is kept safe.

    As for accessing this public profile, I envision something along the lines of the Slide Lock (for Public Profile) on the screen, together with the Pattern Lock (for My Profile). This gives easy access to the phone, whichever way it is used.

    I mentioned that it might get stolen, and that is because I would rather a stolen phone be useful to the thief in order for him to leave it on. This is so I can track it with *insert your app here*, and increase chances of it being found. (Also, perhaps a different but relevant subject, for the same reason I would like power off to be available only when the screen is unlocked (in MY profile, not a public one).

    That is my request.
    I understand that there are some workarounds to this problem (well, don't remember passwords to sensitive info, use pattern/password to lock phone), but as mentioned, these aren't perfect themselves, and why settle for second best in a phone that's supposed to be able to do anything? Also, the request itself isn't entirely full-proof solution (public profile pattern combo can be witnessed etc) but it's still a much better solution (at least in my opinion) than the current one (don't remember my passwords??! that seriously limits on-the-go usage... you're as good as broadcasting your passwords when typing them in anyway!).

    What do people think? Good? Bad? Why?
    Any and all feedback would be appreciated.
     

    Advertisement

Share This Page

Loading...