owncloud · hosy · Nov 19, 2021 · Nov 16, 2021 · Nov 16, 2021 · Nov 16, 2021
diff --git a/ownCloudAppShared/AppLock/AppLockManager.swift b/ownCloudAppShared/AppLock/AppLockManager.swift
@@ -340,13 +340,32 @@ public class AppLockManager: NSObject {
 		}
 
 		if unlocked, !self.shouldDisplayCountdown {
-			if let date = self.lastApplicationBackgroundedDate {
-				if Int(-date.timeIntervalSinceNow) < AppLockSettings.shared.lockDelay {
-					return false
+			if let backgroundedDate = lastApplicationBackgroundedDate {
+				if backgroundedDate.timeIntervalSinceNow > 0 {
+					// Device time is earlier than lastApplicationBackgroundedDate,
+					// which should not be possible. Clear unlocked state immediately
+					// to protect against this or other attempts to gain access by
+					// changing the device's clock time to a moment in the past
+					unlocked = false
+					lastApplicationBackgroundedDate = nil
+
+					Log.error(tagged: ["Security"], "Current device time \(Date().description) preceeds last application backgrounded date \(backgroundedDate.description), possibly indicating device time manipulation. Unlock status cleared.")
+
+					return true
+				} else {
+					if Int(-backgroundedDate.timeIntervalSinceNow) < AppLockSettings.shared.lockDelay {
+						// Unlock still valid
+						return false
+					}
 				}
 			}
 		}
+
+		// Clear unlocked state immediately if it has expired, so subsequently
+		// changing the device's clock time can't lead to an unlock
 		unlocked = false
+		lastApplicationBackgroundedDate = nil
+
 		return true
 	}