Require authentication before doing an export · andOTP/andOTP#477

(1 comment) (1 reaction) (1 assignee)Java (3,711 stars) (368 forks)batch import

enhancementhelp wanted

Description

Is your feature request related to a problem? Please describe. I trust my phone but I'm afraid that if someone gets hold of it, they can do an OTP export. At the same time I prefer the Google Authenticator approach of not requiring a password (or a fingerprint scan) to open it since I'm already doing that in order to unlock my phone.

Describe the solution you'd like Add an option to require authentication when performing an export, so that if someone gets hold of your phone, they won't be able to export the data.

Even better, make it so that it's always required to reauthenticate before doing an export.

Describe alternatives you've considered Rely on the authentication when opening the app.

Additional context The rationale is as follows:

I'm already unlocking my phone before I use andOTP and I consider that secure enough for normal use.
Exporting my OTP database is a very sensitive process.

Contributor guide

Tech stack: javaandroid
Domain: mobilesecurity
Issue type: feature
Difficulty: 3
Estimated time: half day
Activity status: stale
Clarity: clear
Prerequisites: Android developmentAndroid Biometric APIJava
Newbie friendliness: 50
Research direction: The issue requests adding an option to require authentication (biometric or PIN) before exporting the OTP database. To implement, examine the existing export functionality in the source code, likely in an export activity or fragment. Use Android's BiometricPrompt API to prompt for authentication before executing the export. No linked PR or recent activity; the issue is from 2020, so verify the codebase is still accessible and consider the repository's unmaintained status.