[FEATURE REQUEST] Force security if device is not protected

[jesmrec]

Passcode/Pattern are free to be enabled/disabled for users in Settings

• Driven for a new boolean branding option: device_protection (another name?). false by default.
  • false status will have no effect on the app
  • true status will trigger new behaviour

New behaviour

• If device is protected with passcode (or another method), nothing to do.
• if device is not protected with passcode or another method, security must be enforced with the value set in lock_enforced (check here how it works). This will have branding regards because 0 value is forbidden.

Add it to the MDM option set.

TASKS

• Research (if needed)
• Create branch feature/feature_name
• Development tasks
  • Implement whatever
  • ...
• Code review and apply changes requested
• Design test plan
• QA
• Merge branch feature/feature_name into master

PR

• App
• Library (if needed)

[jesmrec]

New behaviour

If device is protected with passcode (or another method), nothing to do.
if device is not protected with passcode or another method, security must be enforced with the value set in lock_enforced (check #3543 how it works). This will have branding regards because 0 value is forbidden.

The following scenarios to sum up

lock_enforced = 0

1. Initially, device does not have protection (if device has protection -> nothing to do in the app)
2. Install the app
3. App detects in the start that security is not enforced in the app itself, and device has no protection -> passcode enforcement is triggered . At this point, app has protection (enforced) and device does not have protection.
4. Now, open device's Settings and add protection to device (biometrical, passcode or both) -> At this point both app and device are protected.
5. Open again the app, go to Settings -> protection is not enforced anymore because device has passcode. User is allowed to remove the passcode. Passcode removed. If app is closed and reopen, passcode is not asked. At this point, app does not have protection and device has protection.
6. Open device' Settings, and remove the device's protection (passcode / biometric). By opening the app, the dialog to set passcode is asked

[jesmrec]

Other way:

1. Device with protection and app not protected

	lock_enforced = 0	lock_enforced !=0
device_protection = true	When app is open, user passcode/pattern not asked. In Settings, it is allowed to be enabled/disabled	When app is open, user must add a passcode or pattern. In Settings, it is NOT allowed to be disabled, because enforcement
device_protection = false	Passcode/Pattern not mandatory	When app is open, user must add a passcode or pattern. In Settings, it is NOT allowed to be disabled, because enforcement

2. Device with no protection and app not protected

	lock_enforced = 0	lock_enforced !=0
device_protection = true	When app is open, user must add a passcode or pattern. In Settings, it is NOT allowed to be disabled, because device is not protected	When app is open, user must add a passcode or pattern. In Settings, it is NOT allowed to be disabled, because enforcement
device_protection = false	Passcode/Pattern not mandatory	When app is open, user must add a passcode or pattern. In Settings, it is NOT allowed to be disabled, because enforcement

3. App already protected

	lock_enforced = 0	lock_enforced !=0
device_protection = true	Passcode/Pattern is already set. In Settings, it is allowed to be disabled if device is also protected. If device is not protected, NOT allowed to be disabled	In Settings, it is NOT allowed to be disabled, because enforcement
device_protection = false	Passcode/Pattern is already set. In Settings, it is allowed to be disabled, no matter if device is protected or not	In Settings, it is NOT allowed to be disabled, because enforcement

i hope it's more clear now