Skip to content

FR: Android: Require unlock first on quick tile on lockscreen #14628

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Alifoss opened this issue Jan 14, 2025 · 2 comments · May be fixed by tailscale/tailscale-android#622
Open

FR: Android: Require unlock first on quick tile on lockscreen #14628

Alifoss opened this issue Jan 14, 2025 · 2 comments · May be fixed by tailscale/tailscale-android#622
Labels
fr Feature request good first issue Good for newcomers L1 Very few Likelihood needs-triage OS-android Issues involving Tailscale for Android security Issues involving security in the Tailscale product or infrastructure T0 New feature Issue type

Comments

@Alifoss
Copy link

Alifoss commented Jan 14, 2025

What are you trying to do?

Currently, tailscale can be enabled & disabled from the lockscreen without providing credentials/unlocking first.

Contrary to for example enabling/disabling bleutooth, wifi & other system settings (apart from display settings) which require verification first.

In my usecase, tailscale has the same 'value' as other system settings, and i would prefer to it not being disabled accidentaly on the lockscreen in my pocket, or by somebody who is not me.

To give an example of a hypothetical scenario; i'm using https://gitlab.com/Nulide/findmydevice, with a selfhosted communication server, not accesible on the internet but through tailscale. Accidentally disabling tailscale or being able to disable it on the lockscreen without verification in this case renders this whole setup useless. (I know the phone could be turned of aswell as easily, but nevertheless an option to ask for verification first on lockscreen would be nice).

I would even go as far as saying this should be default behavior, at least from my perspective.

My environment:
Pixel 9 pro
GrapheneOS android 15
Tailscale app 1.78.1-t**** (f-droid version)

How should we solve this?

If possible, let it behave like other 'important' system settings and ask for verification while used on lockscreen.

What is the impact of not solving this?

No response

Anything else?

No response
@Alifoss Alifoss added fr Feature request needs-triage labels Jan 14, 2025
@Alifoss Alifoss changed the title FR: Require unlock first on quick tile on lockscreen FR: Android: Require unlock first on quick tile on lockscreen Jan 14, 2025
@agottardo agottardo added security Issues involving security in the Tailscale product or infrastructure OS-android Issues involving Tailscale for Android labels Jan 17, 2025
@agottardo
Copy link
Contributor

This is not super high-priority as you correctly pointed out that it is very easy to circumvent it... that said, preventing changes when locked should be the default, and we have precedent for it: we require user auth to toggle the VPN via either widgets or shortcuts on iOS.

@agottardo agottardo added good first issue Good for newcomers L1 Very few Likelihood T0 New feature Issue type labels Jan 17, 2025
@agottardo
Copy link
Contributor

Android SDK docs: https://developer.android.com/develop/ui/views/quicksettings-tiles#perform-only

Your tile may display on top of the lock screen on locked devices. If the tile contains sensitive information, check the value of isSecure() to determine whether the device is in a secure state, and your TileService should change its behavior accordingly.

[...]

If the tile action is unsafe, use unlockAndRun() to prompt the user to unlock their device. If successful, the system executes the Runnable object that you pass into this method.

davfsa added a commit to davfsa/tailscale-android that referenced this issue Mar 13, 2025
@davfsa
android: ensure in secure state to interact with quicktile
b7b9abd 
Updates tailscale/tailscale#14628

Signed-off-by: davfsa <davfsa@gmail.com>
davfsa added a commit to davfsa/tailscale-android that referenced this issue Mar 13, 2025
@davfsa
android: ensure in secure state to interact with quicktile
3d03d04 
Updates tailscale/tailscale#14628

Signed-off-by: davfsa <davfsa@gmail.com>
@davfsa davfsa linked a pull request Mar 13, 2025 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
fr Feature request good first issue Good for newcomers L1 Very few Likelihood needs-triage OS-android Issues involving Tailscale for Android security Issues involving security in the Tailscale product or infrastructure T0 New feature Issue type
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

android: ensure in secure state to interact with quicktile davfsa/tailscale-android
2 participants
@agottardo @Alifoss