SecurityAndPrivacySettings

Differences between revisions 75 and 76
Revision 75 as of 2016-03-23 10:36:53
Size: 18989
Editor: mpt
Comment: "before using" -> "to use" [from review by Benjamin Keyser]
Revision 76 as of 2016-03-23 10:39:25
Size: 18992
Editor: mpt
Comment: italics
Line 71: Line 71:
''Erratum: “before using” should be “to use” ''Erratum: “before using” should be “to use”.''

PC

System Settings should have a “Security & Privacy” panel.

“Security” tab

security.png

TBD

“Files & Applications” tab

files-applications.png

clear-usage-data.png

“Diagnostics” tab

diagnostics.png

The “Diagnostics” tab is described in detail at ErrorTracker. (If there is any difference between this sketch and that one, believe that one.)

Phone

security-privacy-access.phone.png

The main System Settings screen should have a “Security & Privacy” item.

security-privacy.phone.2.png

“Fingerprint ID” should navigate to the “Fingerprint ID” screen.

“Locking and unlocking” should navigate to the “Locking and unlocking” screen.

“SIM PIN” should navigate to the “SIM PIN” screen.

“Reset Storage Access…” should behave as specified in the Storage specification.

When “Stats on welcome screen” is off, the infographic on the welcome screen should not use any personal data.

As long as notifications are presented in an indicator menu:

  • Whenever “When locked, allow: Notifications and quick settings” is off, “Notifications on welcome screen” should be both off and insensitive.
  • Whenever “When locked, allow: Notifications and quick settings” is on, and “Notifications on welcome screen” is off, notifications should not produce notification bubbles and should not appear in the “Notifications” list. (In future this setting may move to the Notifications settings.)

“Location” should navigate to the “Location” screen.

“App permissions” should navigate to the “App permissions” screen.

“Diagnostics” should navigate to the “Diagnostics” screen.

“Certificates & Keys” should navigate to the “Certificates & Keys” screen.

“Fingerprint ID”

fingerprint-id.phone.png fingerprint-add.phone.png

Erratum: “before using” should be “to use”.

The text “You must set a passcode to use fingerprint ID.” and the button “Set Passcode…” should be present, and the rest of the controls should be disabled, only if both (a) it is a requirement to have a passcode or password as a backup for fingerprint unlocking and (b) you have neither set. (This implies that the passcode should be stored even if you are not using it to unlock the phone.)

The following text should be of the form “No fingerprints registered.” or “Two fingerprints registered.”.

Choosing “Add Fingerprint…” should open an “Add Fingerprint” dialog with “Cancel” and “Done” buttons, where “Done” is disabled until registration is complete. The body text should say, as appropriate:

  • Place your finger on the home button.
  • Keep your finger on the button for longer.
  • Lift and press your finger again.
  • Sorry, the reader doesn’t seem to be working.
  • All done!

Choosing “Remove All…” should open an alert with no title, body text “Are you sure you want to forget all stored fingerprints?”, and buttons “Cancel” and “Remove”.

“Locking and unlocking”

For a discussion of protections against tampering and data theft, see ProtectingUserData.

locking.phone.png

On the “Locking and unlocking” screen, the “Lock security” setting should be summarized as “None”, “Passcode”, “Passphrase”, or “Fingerprint”.

The “Sleep when idle for:” menu (bug 1420493) should consist of items “30 seconds” (bug 1367294), “1 minute”, “2 minutes”, “3 minutes” (the default), “4 minutes”, “5 minutes”, and “10 minutes”.

The “Lock after auto-sleeping:” menu (bug 1436630) should consist of items “Immediately”, “30 seconds later”, “1 minute later” (the default), “5 minutes later”, “10 minutes later”, “30 minutes later”, and “1 hour later”.

Whenever “Lock security” is set to “Swipe (No security)”:

  • In the “Locking and unlocking” screen:
    • The “Lock when auto-sleeping:” menu should be disabled (since the phone cannot be locked at all).
    • The caption below the “Lock when auto-sleeping:” menu should not include the “Shorter times are more secure.” sentence, instead saying only “The system won’t lock during calls or video playback.”.
    • All the “When locked, allow:” options should be both on and insensitive, and the caption should read “Turn on lock security to restrict access when the phone is locked.”. If “Lock security” is later set to another value, the “When locked, allow:” options should both become sensitive and return to their previous values.
  • In the top-level “Security & Privacy” screen, “Encryption” should be off and disabled.

Whenever “Lock security” is set to any other option, and encryption is on, all the “When locked, allow:” options should be both off and insensitive, and the caption should read “Encryption prevents storing information while the phone is locked.”. If encryption is later turned off, the “When locked, allow:” options should both become sensitive and return to their previous values.

In the list of “When locked, allow:” options, “Launcher” should be first because whenever it is unchecked, the other options should be off and disabled (since you can’t get to them). Whenever “Launcher” is checked, those other options should return to their previous values.
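The override rules above, together with the earlier rule tying “Notifications on welcome screen” to “Notifications and quick settings”, can be expressed as one pure function. This is an added example, not code from this specification or from System Settings; every identifier in it (`resolveWhenLocked`, `stored`, the `"swipe"` value) is hypothetical.

```javascript
// Added illustration of the override rules; all identifiers are hypothetical.
const CAPTION_SWIPE =
  "Turn on lock security to restrict access when the phone is locked.";
const CAPTION_ENCRYPTED =
  "Encryption prevents storing information while the phone is locked.";

const forced = (on) => ({ on, sensitive: false }); // overridden and greyed out
const free = (on) => ({ on, sensitive: true });    // the user's own choice

// stored holds the user's own choices and is never written by an override,
// which is what lets options "return to their previous values" afterwards.
function resolveWhenLocked(lockSecurity, encryptionOn, stored) {
  let launcher, notifications, caption = null;
  if (lockSecurity === "swipe") {
    // The phone cannot be locked at all, so nothing can be restricted.
    launcher = forced(true);
    notifications = forced(true);
    caption = CAPTION_SWIPE;
  } else if (encryptionOn) {
    launcher = forced(false);
    notifications = forced(false);
    caption = CAPTION_ENCRYPTED;
  } else {
    launcher = free(stored.launcher);
    // Without the launcher, the other option cannot be reached.
    notifications = stored.launcher ? free(stored.notifications) : forced(false);
  }
  // "Notifications on welcome screen" follows the effective value of
  // "Notifications and quick settings" (while notifications live in an indicator menu).
  const welcomeNotifications = notifications.on
    ? free(stored.welcomeNotifications)
    : forced(false);
  return { launcher, notifications, welcomeNotifications, caption };
}
```

Because the stored choices are only read, ending an override (choosing a lock method, or turning encryption off) restores the previous values without any extra bookkeeping.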

phone-security-privacy-lock-security.png

phone-security-privacy-lock-security-switch-swipe.png

phone-security-privacy-lock-security-switch-passphrase.png

“Fingerprint” should be disabled unless you currently have at least one fingerprint registered. All other “Unlock the phone using:” options, except the current one and “Fingerprint”, should end with an ellipsis, because switching between any two will involve further input in the form of a dialog with common dialog behavior: “Switch to Swipe”, “Switch to Passcode”, or “Switch to Passphrase” as appropriate.

  • If switching from passcode, the dialog should begin with a “Current passcode:” field, with possible error text “Incorrect passcode. Try again.”.

  • If switching from passphrase, the dialog should begin with a “Current passphrase:” field, with possible error text “Incorrect passphrase. Try again.”.

  • If switching to passcode, the dialog should end with “Choose new passcode:” and “Confirm new passcode:” fields. The latter should have possible error text “Those passcodes don’t match. Try again.”.

  • If switching to passphrase, the dialog should end with “Choose new passphrase:” and “Confirm new passphrase:” fields. The latter should have possible error text “Those passphrases don’t match. Try again.”.

  • If switching to swipe, the dialog should have “Cancel” and “Unset” buttons. In all other cases it should have “Cancel” and “Set” buttons.

phone-security-privacy-lock-security-passphrase-change.png

Whenever “Unlock the phone using:” is set to passcode or passphrase, the list of options should be followed by a “Change Passcode…” or “Change Passphrase…” button respectively. Choosing it should open a “Change Passcode” or “Change Passphrase” dialog.

  • The “Current passcode:”/“Current passphrase:” field should have possible error text “Incorrect passcode. Try again.” or “Incorrect passphrase. Try again.”.

  • The next field should be “New passcode:”/“New passphrase:”.
  • The “Confirm new passcode:”/“Confirm new passphrase:” field should have possible error text “Passcodes don’t match. Try again.” or “Passphrases don’t match. Try again.”.

SIM PIN and CHV/PUK code

sim-pin-access.phone.png

On the “Security & Privacy” screen, “SIM PIN” should have the summary value “Off” or “On” if there is one SIM. If there are two SIMs, it should have the summary value “Off”, “1/2”, or “2/2”.

The contents of the “SIM PIN” screen should depend on the number of SIMs:

sim-pin-section-off.phone.png sim-pin-section-locked.phone.png sim-pin-section-unlocked.phone.png sim-blocked-settings.phone.png

A SIM PIN section should consist of:

  • If there is more than one SIM, to show which one this is, an introductory label consisting of the SIM ID followed by a colon.

  • A “SIM PIN” switch, reflecting whether a SIM PIN is in effect (regardless of whether it is locked, unlocked, or blocked). Whenever you turn the SIM PIN on, if a PIN was recorded already, an “Enter Previous SIM PIN” dialog should appear, with a PIN field, “Cancel” and “Start Using PIN” buttons, and the common dialog behavior. And whenever you turn SIM PIN off, an “Enter SIM PIN” dialog should appear, with a PIN field, “Cancel” and “Stop Using PIN” buttons, and the common dialog behavior. In both dialogs, the field should have initial caption “{N} attempts allowed.”, changing on error to the error text “Incorrect PIN. {N} attempts remaining.”. If you cancel, the SIM PIN should remain in its previous state.

  • Whenever “SIM PIN” is on, a static item showing whether the SIM is “Unlocked”, “Locked”, or “Blocked” (bug 1438323).

    • Whenever it is locked, at the trailing end should be an “Unlock…” button that opens an “Unlock SIM” dialog. This dialog should have:
    • Whenever it is unlocked, at the trailing end should be a “Change PIN…” button that opens a “Change SIM PIN” dialog. This dialog should have:
      • a “Current PIN:” whole-number field, with the initial caption “{N} attempts allowed.”, changing on error to the error text “Incorrect PIN. {N} attempts remaining.”

      • a “Confirm new PIN:” whole-number field, with possible error text “PINs don’t match. Try again.”
      • the common dialog behavior.

    • Whenever it is blocked, at the trailing end should be an “Unblock…” button that opens a “SIM Blocked” dialog. If you choose “Unblock…” in this dialog, a consecutive dialog (used deliberately, to slow down users who haven’t been reading) should open, which should have:

sim-blocked-dialog.phone.png sim-blocked-unblock.phone.png

If you enter the SIM PIN wrong for the final time in the “Unlock SIM” dialog, the “SIM Blocked” dialog should appear immediately.

Finally, the SIM PIN caption should differ slightly depending on whether any SIM currently has the SIM PIN turned on:

  • If not: “When a SIM PIN is set, after restarting the phone or swapping the SIM, you must unlock the SIM before making calls or using SMS or other cellular services. Entering an incorrect PIN repeatedly may lock the SIM permanently.”
  • If so: “After restarting the phone or swapping the SIM, you must unlock the SIM before making calls or using SMS or other cellular services. Entering an incorrect PIN repeatedly may lock the SIM permanently.”

Common behavior for “Phone locking” and “SIM PIN” dialogs

phone-sim-pin-previous.png

phone-sim-pin-change.png

The “Switch to Swipe”, “Switch to Passcode”, “Switch to Passphrase”, “Change Passcode”, “Change Passphrase”, “Enter Previous SIM PIN”, “Enter SIM PIN”, “Change SIM PIN”, and “Unblock SIM” dialogs should follow the principles of preventing errors when this can be done obviously, otherwise explaining them at the earliest non-annoying moment, and maximizing visual stability.

  • The main action button should be disabled whenever any of these are true:
    • a passcode field does not contain exactly four digits
    • a passphrase field is empty
    • a SIM PIN field does not contain 4~8 digits (the GSM PIN bounds)
    • the “CHV/PUK code:” field does not contain 4~8 digits (see “Coding of CHVs and UNBLOCK CHVs”).

    These errors are obvious enough not to need further explanation.

  • Whenever “Choose new…” and “Confirm new…” fields do not match:
    • If their contents are different lengths, you may not have finished typing yet, so no error should be presented unless you go ahead and choose the main action. Therefore, the main action button must be sensitive; if you tap it, then the error should be presented (and remain until the fields match), and the “Choose new…” field should become focused for you to try again.

    • If their contents are the same length, you may think you’ve finished typing, so the error should be presented immediately.
    • When the error is presented, it should be by highlighting both fields with the standard error style (bug 1222787), and inserting the error text below the “Confirm new…” field as a caption (so that it’s least likely to move either of the fields while you are examining them).

  • Otherwise, when you choose the main action:
    1. The dialog should remain open, with all its elements temporarily insensitive, while the action is attempted. If it takes more than a second, the action button’s text should be replaced by a spinner.
    2. If the “Current…” field (where present) has an incorrect value, it should acquire the standard error style, the error text should appear as its caption, all elements should resume sensitivity, the field should become focused, and its contents should become selected.
    3. If the action succeeds, the main action button’s label should be replaced by a green checkmark, then after two seconds the dialog should close.
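The field-format and mismatch rules above reduce to a small state function. This is an added example, not code from this specification or from System Settings; the function names, the `latched` flag and the field `kind` values are hypothetical, and it assumes the format rule and the mismatch rule are evaluated independently of each other.

```javascript
// Added illustration; names are hypothetical, the rules are the ones listed above.
const WELL_FORMED = {
  passcode: (s) => /^\d{4}$/.test(s),   // exactly four digits
  passphrase: (s) => s.length > 0,      // must not be empty
  simPin: (s) => /^\d{4,8}$/.test(s),   // GSM PIN bounds
  puk: (s) => /^\d{4,8}$/.test(s),      // the "CHV/PUK code:" field
};

// fields:  [{ kind, value }] for every field in the dialog.
// pair:    { choose, confirm }, or null if the dialog has no "Choose/Confirm new" pair.
// latched: true once the main action was tapped while the pair differed.
function dialogState(fields, pair, latched) {
  const actionEnabled = fields.every((f) => WELL_FORMED[f.kind](f.value));
  const mismatch = pair !== null && pair.choose !== pair.confirm;
  // Same length: the user probably thinks they are done, so show the error now.
  // Different length: they may still be typing, so wait for a tap.
  const sameLength = mismatch && pair.choose.length === pair.confirm.length;
  return {
    actionEnabled,
    mismatch,
    showMismatchError: mismatch && (sameLength || latched),
    latched: latched && mismatch, // the error remains only until the fields match
  };
}

// Tapping the main action: latch the mismatch error and refocus
// "Choose new…", or let the attempt go ahead.
function tapMainAction(fields, pair, latched) {
  const state = dialogState(fields, pair, latched);
  if (!state.actionEnabled) return { attempt: false, latched, focus: null };
  if (state.mismatch) return { attempt: false, latched: true, focus: "chooseNew" };
  return { attempt: true, latched: false, focus: null };
}
```

For a passcode the deferred case cannot arise: fields of different lengths mean at least one is not four digits, so the button is already disabled. The deferred error matters for passphrases and SIM PINs, where both fields can be well-formed and still differ in length.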

Location access

location-settings.phone.png

The “Location” screen is described in detail at Location. (If there is any difference between this sketch and that one, believe that one.)

Diagnostics

diagnostics-access.phone.png

On the “Security & Privacy” screen, the “Diagnostics” settings should be summarized as “Sent” if any are, or “Not sent” if none are. (Both should have a translation note explaining that “sent” means that data is habitually sent, not that it was sent in the past tense.)

diagnostics.phone.png

The “Diagnostics” screen is described in detail at ErrorTracker. (If there is any difference between this sketch and that one, believe that one.)

Certificates & Keys

certificates.phone.png

Erratum: The screen should be titled “Certificates & Keys”.

Whenever you download a certificate, private key, or PAC file, regardless of app, a certificate preview dialog should appear in front of that app, including “Cancel” and “Install” buttons. If you choose “Install”, the certificate/key/file should be stored for future use. TBD: Exact layout of that dialog.

In the System Settings “Certificates & Keys” screen, whenever there are no certificates, the screen should contain optically centered text “No certificates”. Otherwise, it should contain an alphabetically sorted list of certificates and PAC files. TBD: Exact format of the summary text. Either way, it should end with the caption: “Certificates are used for connecting to some Wi-Fi, VPN, and other networks. Download a certificate to add it to this list.”

Tapping a list item should open the same certificate preview dialog, but with only an “OK” button. Each list item should have a trailing Delete action.

SecurityAndPrivacySettings (last edited 2016-07-11 16:06:13 by mpt)