[deleted] Not sure I'd trust a third party to implement this.
matchboxbananasynergy
Proton Mail does have this feature.
It's a separate PIN that isn't the same as your device unlock method. If they do have this, where is it? I'm using the latest version of the app from Google Play. I don't see anywhere in the settings where you can unlock the app using your device credentials.
It could be implemented, but there would need to be a threat model associated with it.
Fairly straightforward:
- Situation 1 involves your device being physically accessed by an untrusted third party
- Situation 2 involves data being remotely read by an untrusted third party
Such an app lock wouldn't be encrypting the app's data, so someone with an OS exploit could bypass it
Does this device unlock method encrypt anything for existing implementations?
App pinning or giving access to a specific profile would be a better way to do it in that case.
That's a good point, but there could be situations where the phone was snatched from you while it was unlocked. I understand this is an extenuating circumstance, possibly beyond the scope of the existing threat model GrapheneOS adheres to, but I don't know.
In general, if you want a robust way to lock an app or set of apps, putting them in their own profile is the way to do it. That allows you to put them at rest when you don't want to use them.
I can only respond to that by explaining why that's not practical in my case. I use a music app where I'm logged in, and personal information is easily accessible when using the app. Email address, last 4 digits of CC, receipts, and the account can be deleted or email/password changed. But it's an app I use constantly, and I want to be able to listen to music while, for example, reading an .epub book using an open source app from F-Droid. There are apps that I really need in my main profile, and putting them in their own profile together with other sensitive apps is not practical. I only expect to go to my sensitive profile occasionally. That profile has GSF, but my main one does too. Which is why I find it hard to justify using just one profile for GSF.