Add/document MDM option to enforce passcode

[michaelstingl]

1st idea: User should be forced to enter a new passcode when opening the app the first time…

Related: #2

Branch: feature/mdm_enhancements

PR: #773

Documentation: https://github.com/owncloud/ios-app/blob/feature/mdm_enhancements/docs/modules/ROOT/pages/ios_mdm.adoc#passcode-enforcement

QA [Approved]:

Key: passcode.enforced
Location: Security section on Settings.
Features: Passcode, Biometrical (touch or face id) and security enforcement.
Documentation link: https://github.com/owncloud/ios-app/blob/master/docs/modules/ROOT/pages/ios_mdm.adoc#passcode-enforcement

ACs:

• Passcode must be asked after installing if security is enforced via MDM. It is not posible to cancel or skip it
• Enforcement means that passcode is not allowed to switch off, so it will be hidden.
• Biometrical security is a user decision, when passcode is enforced.

1) Security not enforced from scratch

Test case	Result	Comments
Installation does not ask for passcode	✅
Passcode enabled, biometrical disabled	✅
Passcode enabled, biometrical enabled	✅
Passcode disabled, biometrical enabled	✅
Passcode disabled, biometrical disabled	✅

2) Security enforced from scratch

Test case	Result	Comments
Installation asks for passcode	✅
Passcode can not be cancelled	✅
Passcode can not be disabled	✅
Passcode enabled (hidden or greyed out), biometrical disabled	✅
Passcode enabled (hidden or greyed out), biometrical enabled	✅
Passcode disabled (hidden or greyed out), biometrical enabled	➖	passcode is enforced, biometrical not available
Passcode disabled (hidden or greyed out), biometrical disabled	➖	passcode is enforced, biometrical not available

3) Hot swap

Test case	Result	Comments
true -> false	✅
false (with passcode enabled) -> true	✅
false (with passcode + biometrical enabled) -> true	✅
false (with passcode disabled) -> true	✅

4) Documentation

Link on the top of this post. In this case, only one parameter to set-up (passcode.enforced).

Key	Type	Default	Description
passcode.enforced	✅	✅	✅

QA Reports:

• (1) Passcode is skipped after killing the app Add/document MDM option to enforce passcode #532 (comment)
• (2) Small glitch: Security section is not refreshed after switching off/on passcode lock Add/document MDM option to enforce passcode #532 (comment)
   

Tested with: iPhoneXR, iOS 14.4

[mneuwert]

@michaelstingl please share your thoughts as discussed in sprint planning regarding better UX / user flow for this feature

[michaelstingl]

My 1st 2 findings regarding the end to end user experience:

• User opens App the first time, needs to enter PIN. We should explain to user.
• If Passcode is enforced, users shouldn’t be allowed to switch it off in the settings

[mneuwert]

@michaelstingl Just put explanation here (see screenshot)? More detailed text instead of "Enter code"? Or separate screen?

[michaelstingl]

More detailed text instead of "Enter code"? Or separate screen?

both are valid approaches. you can start with the least effort approach. Just write "Set code" at first start maybe…

Maybe good idea in general, independent from MDM option.

[mneuwert]

@michaelstingl May be something like "You are required to set a passcode to use the app"?.. May be as optional subtitle in the same view under "Enter code"?

[michaelstingl]

yeah, we can try this 👍

[mneuwert]

@michaelstingl I shared IPA with you on 21.09. Did you try? Does it look like you would expect it?

[michaelstingl]

Yes, *.IPA looks good 👍

@jesmrec will start MDM testing with JAMF after the 11.4.2 release. (Technically everything is prepared)

Documentation part of this issue is blocked by #755 (WiP: Key-Metadata-JSON export from @felix-schwarz , then JSON ==> AsciiDoc with gomplate)

[jesmrec]

First insights after testing with 060dd57 (latest commit of branch feature/mdm_enhancements)

With the key:

	<key>passcode.enforced</key>
	<true/>

the result i got is:

everything is hidden in Security (should the label be hidden? or does it remain visible only in case there are certificates to show?) because passcode is not allowed to switch off. But, after installing the app, it is not prompted to add a new passcode.

I installed the app with Xcode. Other keys like bookmark.default-url work fine by closing/reopening the app after changing values in dictionary.

Same test was repeated by archiving branch feature/mdm_enhancementsand creating a new "Mobile Device App" entry in JAMF dashboard, with same results. URL parameters work, but i only see the Security content hidden, no passcode is prompted.

Then, i test on the other way, by setting from scratch:

	<key>passcode.enforced</key>
	<false/>

and re-enrolling the device to reinstall (i did not find another way to force a reinstallation). I got also same result: everything hidden in Security, that's not correct (passcode is now not enforced). But, other parameters in the dictionary (bookmark.default-url , bookmark.url-editable) worked fine, responding correctly to the changes.

So, the idea that come to my mind: is there something hardcoded in the code? password enforced does not work, but same changes in other key/values work fine.

My expectation here:

1. Fresh install:

• If passcode.enforced = true: after installing, user is asked for a passcode. This step is not skippable (no Cancel option). After typing correct passcode, Passcode option is hidden or greyed out in Settings. Biometrical options are visible and selectable.

• If passcode.enforced = false: regular behaviour. User is free to switch on/off passcode and biometrical

2. Hot swap

• If passcode.enforced = false and switches to true: When the app is re-opened, new passcode is asked only if it is not already set (user could set the passcode before). Then, it is disabled/greyed out in Settings to avoid switching it off.

• If passcode.enforced = true and switches to false: After reopening the app, Passcode section in Settings is visible and selectable. Passcode keeps active, but user is free to switch it off.

[michaelstingl]

everything is hidden in Security

Hm, "Lock application" or the biometrical stuff would still be useful?

@mneuwert additional MDM parameter for the lock delay? Otherwise iOS Files app won't work with passcode.enforced? (could be new issue)

[michaelstingl]

My expectation here:

yes, makes sense 👍

[mneuwert]

@michaelstingl @jesmrec I found first reason why the behaviour is as described... If ownCloud app is deleted, keychain data is retained on the device which somehow I was not thinking about. So here the previously stored passcode is there after re-install but the flag in user defaults is lost since they are stored in the app sand-box and are wiped with the app. Therefore some logic is broken..

We should consider implementing mechanism described here and wipe keychain on re-install:
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x06d-Testing-Data-Storage.md

Apple Engineer has suggested in the dev forum to add additional layer of encryption: encrypt all items stored in the keychain and store the key in the app sand-box, so that the key is wiped when app is deleted. So no key -> no valid data -> wipe everything and start from scratch.

[mneuwert]

@michaelstingl @jesmrec Updated a branch.. now should be looking better, somehow I didn't find manage logging in to JAMF instance to play with different settings.

[jesmrec]

New iteration with commit 16adc22b. Archived ipa uploaded to JAMF:

Problems reported above:

• Empty Security section when security is enforced (Add/document MDM option to enforce passcode #532 (comment)) -> FIXED

• User not prompted to add passcode (Add/document MDM option to enforce passcode #532 (comment)) -> FIXED

A couple of glitches to be reported in the next messages

[jesmrec]

Check these steps out:

1. In JAMF, set <key>passcode.enforced</key><true/>, so that the security is a must
2. Install the app (via JAMF, Xcode or archived .ipa. no matter which one)
3. Open the app -> Pincode is asked
4. Without typing a code, kill the app
5. Open the app again

Current: You can start to use the app with no pincode

Expected: After killing and re-opening, pincode must be asked again

Commit: 16adc22b
Enrolled device: iPhone XR v14.2

[jesmrec]

Small glitch when the switch manually on/off

1. In JAMF, set passcode.enforced, or, directly, don't enroll the device, so that security is not a must
2. Install app and open Settings
3. Enable pincode and enter correct values

Current: Lock application and Face ID are hidden. By browsing back and forth, they are visible

Expected: Lock application and Face ID are visible just after switching Passcode Lock on

NOTE: by switching off, same behaviour. In base branch milestone/11.5, behaviour is correct.

Commit: 16adc22b
Enrolled device: iPhone XR v14.2

[mneuwert]

@jesmrec Last glitch is works as designed I guess.. I am not sure we decided to be able to dynamically react to changes in settings.. We could technically subscribe to notification here, then we could update UI as soon as MDM server pushes new settings. WDYT @michaelstingl?

[jesmrec]

@jesmrec Last glitch is works as designed I guess.. I am not sure we decided to be able to dynamically react to changes in settings.. We could technically subscribe to notification here, then we could update UI as soon as MDM server pushes new settings. WDYT @michaelstingl?

the glitch is probably not very important. If this is the expected by design, we can iterate as usual to improve. Not a blocker.

#532 (comment) is still happening

[hosy]

@mneuwert I think this could be solved with less effort. I'm right?
If yes, we should implement a dynamic change of this settings section.

[mneuwert]

Small glitch when the switch manually on/off

1. In JAMF, set passcode.enforced, or, directly, don't enroll the device, so that security is not a must
2. Install app and open Settings
3. Enable pincode and enter correct values

Current: Lock application and Face ID are hidden. By browsing back and forth, they are visible

Expected: Lock application and Face ID are visible just after switching Passcode Lock on

NOTE: by switching off, same behaviour. In base branch milestone/11.5, behaviour is correct.

Commit: 16adc22b
Enrolled device: iPhone XR v14.2

I think I nailed it.. the problem was due to release notes being shown and preventing other views from being able to be presented modally. I provided a fix in the mdm_enhancements branch

[jesmrec]

I checked it and it's fixed. I will check it again with all tests together in the scope of next release 11.6

[jesmrec]

Completely tested. In first message, the tests executed. It was linked correctly.