Lock Screen, The First Line of Defence
Part 1 - Practical Secure Android App Development
Screen locks give devices an important extra layer of security. Each time a user wants to unlock their device or switch it on, they are asked for a PIN, password, pattern or biometric authentication. This means that if someone gets hold of the device, they cannot access the data on it without entering your password, pattern, PIN or biometric authentication.
“Insecure Authentication and Authorization” ranks top of the OWASP Mobile Top 10 Vulnerabilities
In my opinion this security measure should be adopted by every app that deals with any sensitive data, personal information, financial transactions, enterprise data, and even e-commerce (the number of times I have read that a child ordered 100 pizzas/burgers by mistake on a parent's mobile!!). So even if someone's device is misplaced, there is at least one level of security that an unauthorized user has to deal with.
If we want to restrict app usage when the device is not secured by lock screen authentication, we can add a check that prevents the user from using the app until lock screen authentication has been set up.
import android.app.KeyguardManager
import android.content.Context

// True when a PIN, pattern, password or biometric lock is set (isDeviceSecure needs API 23+).
fun isDeviceScreenLocked(context: Context): Boolean {
    val keyGuardManager = context.getSystemService(Context.KEYGUARD_SERVICE) as? KeyguardManager
    return keyGuardManager?.isDeviceSecure ?: false
}
The above code snippet returns a boolean indicating whether Device Lock Screen Authentication is enabled.
Add this check to onResume of the app's Activity (a BaseActivity), so that any change to the Device Lock Screen Authentication made in Settings is reflected in the app as soon as the user returns to it.
If we want to prompt the user to go to the settings screen to set up Lock Screen Authentication, we can use the following intent:
import android.content.Intent
import android.provider.Settings

// Opens the system Security settings, where the user can set a screen lock.
fun getIntentToScreenLock(): Intent {
    return Intent(Settings.ACTION_SECURITY_SETTINGS)
}
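Putting the check and the intent together, here is an added example (not the post's own code or its GitHub repo) of a hypothetical SecureBaseActivity that re-checks the lock on every onResume and blocks the screen with a non-cancelable dialog until a lock is configured. It assumes AndroidX AppCompat and falls back to isKeyguardSecure on devices below API 23, which the post does not cover.

```kotlin
import android.app.KeyguardManager
import android.content.Context
import android.content.Intent
import android.os.Build
import android.provider.Settings
import androidx.appcompat.app.AlertDialog
import androidx.appcompat.app.AppCompatActivity

// Hypothetical base class: every Activity in the app extends this.
abstract class SecureBaseActivity : AppCompatActivity() {

    private var lockPromptDialog: AlertDialog? = null

    override fun onResume() {
        super.onResume()
        // Re-check on every resume so a lock removed in Settings is caught
        // as soon as the user comes back to the app.
        if (isDeviceScreenLocked(this)) {
            lockPromptDialog?.dismiss()
            lockPromptDialog = null
        } else {
            showLockScreenRequiredPrompt()
        }
    }

    override fun onPause() {
        // Drop the dialog so it is rebuilt from a fresh check on the next resume.
        lockPromptDialog?.dismiss()
        lockPromptDialog = null
        super.onPause()
    }

    private fun showLockScreenRequiredPrompt() {
        if (lockPromptDialog?.isShowing == true) return
        lockPromptDialog = AlertDialog.Builder(this)
            .setTitle("Screen lock required")
            .setMessage("Set a PIN, pattern, password or biometric lock to continue.")
            .setCancelable(false) // the only exits are Settings or leaving the app
            .setPositiveButton("Open settings") { _, _ ->
                startActivity(Intent(Settings.ACTION_SECURITY_SETTINGS))
            }
            .setNegativeButton("Exit") { _, _ -> finishAffinity() }
            .show()
    }

    companion object {
        fun isDeviceScreenLocked(context: Context): Boolean {
            val km = context.getSystemService(Context.KEYGUARD_SERVICE) as? KeyguardManager ?: return false
            // isDeviceSecure (API 23+) ignores SIM locks; isKeyguardSecure is the older fallback.
            return if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) km.isDeviceSecure else km.isKeyguardSecure
        }
    }
}
```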
Code Available on Github