(ios) App Access Control: Device passcode fallback #478
Conversation
… opposed to passing around a generic string array.
…lback, and hasn't backed up their recovery phrase.
There was a problem hiding this comment.
Is it possible to let the user only use the Passcode option, without having to enable FaceID/TouchID? It does not really matter since the correct solution for users who don't want biometrics will eventually use the custom password feature (in a future PR), but it could be a valid option.
if the user ... then we display this warning:
I think the dialog is a bit too much:
- if the risk is so severe that a specific full-screen warning is needed, then we should not let the user disable that fallback option - or at least make it opt-out instead of opt-in.
- the warning should be contextual, in the App Access screen, since it really applies depending on the Passcode fallback option being enabled or not.
For example the help message in the Allow passcode fallback setting could be updated and contain a warning if needed.
But honestly, I think we can just remove that warning altogether : users need to backup their seed regardless of the app-control setting. It's true that a broken biometrics hardware can lock the user out if the passcode fallback was disabled, but that's just an edge case among many and we can't handle all of them.
But we could regularly remind the user that backing up their seed is important, even if they already checked the boxes.
…scode fallback, and hasn't backed up their recovery phrase.
I agree. And that screen already displays a warning icon next to the "Recovery Phrase", if the user hasn't performed a backup. Done in 880114a |
I do not believe this is possible. My understanding is that you have to use LAContext to prompt for iOS authentication. And the supported policies only allow you to determine whether-or-not to allow passcode fallback. |
|
Addresses issue #455 |
Partially addresses issue #441
Option 2 was missing from iOS, but fixed via this PR.
If the user:
then we display this warning: