[FEATURE REQUEST] Brute force protection #3320

Closed
14 tasks done
jesmrec opened this issue Jul 21, 2021 · 2 comments · Fixed by #3463

Comments

@jesmrec
Collaborator

jesmrec commented Jul 21, 2021

Actually, the app is protected via passcode (and other methods). Our current passcode is 4-digit, so 10000 different passcodes exist. Someone with enough time could try all the possibilities to unlock the app.

In order to avoid such a situation, we should protect the passcode against brute force.

How does iOS do it?

  • You have three attempts to enter the correct passcode
  • If not, you will have to wait some seconds for a new attempt
  • If not, you will have to wait more seconds
  • If not, more time etc etc...

Exponential increment of the time to wait for a new attempt.

This is a very common mechanism. There are also apps that block the access during some time if the initial 3 attempts fail...

More inputs and approaches are welcome.

TASKS

  • Research (if needed)
  • Create branch feature/brute_force
  • Development tasks
    • Use ViewBinding instead of findViewById in PassCodeActivity
    • Create a preference with the number of attempts
    • Lock the app in function of the number of attempts
    • Show the countdown in the passcode screen
    • Take into account that the app can be closed and the countdown timer shouldn't start again
    • Unit tests
    • UI tests
  • Code review and apply changes requested
  • Design test plan
  • QA
  • Merge branch feature/brute_force into master

PR

  • App
  • Library (if needed)
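
Added example, not part of the original issue or the project's code: a Kotlin implementation of the lockout described above (three free attempts, then a doubling wait, with state persisted so closing the app does not restart the countdown). `AttemptStore`, `InMemoryStore`, `PasscodeLockout`, the 3-second base delay, the one-hour cap and the sample passcode are assumptions made for illustration.

```kotlin
import kotlin.math.min

// Hypothetical persistence seam; on Android it could be backed by SharedPreferences.
interface AttemptStore {
    var failedAttempts: Int
    var lastFailureAtMs: Long
}
class InMemoryStore(override var failedAttempts: Int = 0, override var lastFailureAtMs: Long = 0L) : AttemptStore

class PasscodeLockout(
    private val store: AttemptStore,
    private val nowMs: () -> Long = { System.currentTimeMillis() },
    private val freeAttempts: Int = 3,          // free attempts, as in the issue
    private val baseDelayMs: Long = 3_000L,     // assumed first wait
    private val maxDelayMs: Long = 3_600_000L   // assumed cap on the wait
) {
    // Wait after `failures` failed attempts: none for the free attempts, then doubling up to the cap.
    fun delayFor(failures: Int): Long {
        if (failures < freeAttempts) return 0L
        val doublings = min(failures - freeAttempts, 20) // bound the shift so it cannot overflow
        return min(baseDelayMs shl doublings, maxDelayMs)
    }
    // Remaining wait, derived from persisted state so a restart does not reset the countdown.
    fun remainingMs(): Long {
        val now = nowMs()
        // Clock set backwards: restart the wait from now rather than trust a future timestamp.
        if (now < store.lastFailureAtMs) store.lastFailureAtMs = now
        return maxOf(0L, store.lastFailureAtMs + delayFor(store.failedAttempts) - now)
    }
    // Returns true on unlock. While locked, the attempt is refused without checking the passcode.
    fun tryUnlock(entered: String, matches: (String) -> Boolean): Boolean {
        if (remainingMs() > 0) return false
        if (matches(entered)) { store.failedAttempts = 0; return true }
        store.failedAttempts += 1
        store.lastFailureAtMs = nowMs()
        return false
    }
}

fun main() {
    var clock = 1_000_000L                     // constructed fake clock
    val store = InMemoryStore()
    val check = { s: String -> s == "4821" }   // constructed passcode check
    repeat(3) { PasscodeLockout(store, { clock }).tryUnlock("0000", check) }
    clock += 1_000
    val afterRestart = PasscodeLockout(store, { clock }) // new instance, same persisted state
    println("remaining after restart: ${afterRestart.remainingMs()} ms")
    println("correct passcode while locked: ${afterRestart.tryUnlock("4821", check)}")
    clock += 2_000
    println("correct passcode after wait: ${afterRestart.tryUnlock("4821", check)}")
}
```

Wall-clock time can be moved forward by the user to shorten the wait; a monotonic source such as `SystemClock.elapsedRealtime()` avoids that but resets on reboot, so the choice of clock is part of the design.
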
@michaelstingl
Contributor

In order to avoid such a situation, we should protect the passcode against brute force.

Yeah, now with Scoped Storage it's really useful 👍 .

@jesmrec jesmrec added this to the 2.20-next milestone Aug 20, 2021
@fesave fesave self-assigned this Nov 9, 2021
@fesave
Contributor

fesave commented Nov 9, 2021

Blocked until #3375, #3384 and #3389 have been merged.
