Contents
PC
System Settings should have a “Security & Privacy” panel.
“Security” tab
TBD
“Files & Applications” tab
“Diagnostics” tab
The “Diagnostics” tab is described in detail at ErrorTracker. (If there is any difference between this sketch and that one, believe that one.)
Phone
|
The main System Settings screen should have a “Security & Privacy” item.
|
“Fingerprint ID” should be present when the device has a fingerprint scanner. Choosing it should navigate to the “Fingerprint ID” screen.
“Locking and unlocking” should navigate to the “Locking and unlocking” screen.
“SIM PIN” should navigate to the “SIM PIN” screen.
“Reset Storage Access…” should behave as specified in the Storage specification.
When “Stats on welcome screen” is off, the infographic on the welcome screen should not use any personal data.
As long as notifications are presented in an indicator menu:
- Whenever “When locked, allow: Notifications and quick settings” is off, “Notifications on welcome screen” should be both off and insensitive.
Whenever “When locked, allow: Notifications and quick settings” is on, and “Notifications on welcome screen” is off, notifications should not produce notification bubbles and should not appear in the “Notifications” list. (In future this setting may move to, the Notifications settings.)
“Location” should navigate to the “Location” screen.
“App permissions” should navigate to the “App permissions” screen.
“Diagnostics” should navigate to the “Diagnostics” screen.
“Certificates & Keys” should navigate to the “Certificates & Keys” screen.
“Fingerprint ID”
The text “To use Fingerprint ID, set a passcode first.” and the button “Set Passcode…” should be present, and the rest of the elements should be disabled, if both (a) it is a requirement to have a passcode or password as a backup for fingerprint unlocking and (b) you have neither set. (This implies that the passcode should be stored even if you are not using it to unlock the phone.)
The following text should be of the form “No fingerprints registered.” or “Fingerprints registered:”. When any fingerprints are registered, each should have a list item with an editable name, and each should have “Delete” as a leading action.
Choosing “Add Fingerprint…” should open an “Add Fingerprint” dialog with “Cancel” and “Add” buttons, where “Add” is disabled until registration is complete. The contents of the dialog should depend on the type of feedback the reader provides during registration:
If the reader provides no feedback at all
TBD
If the reader reports proportion complete only
TBD
- the graphic should fill from bottom to top to show that proportion.
If the reader reports direction required
The body text should say, as appropriate:
- Place your finger on the home button.
- Keep your finger on the button for longer.
- Lift then touch this part of your fingertip on the home button.
- Sorry, the reader doesn’t seem to be working.
- All done!
Each newly-complete region should fill from center to edges over the course of one second (and the reverse for newly-incomplete regions).
Regardless of reader type
Choosing “Add” should save the fingerprint and close the dialog. By default its name should be “Finger 1”, “Finger 2”, etc, but the name should be selected in the list so that typing replaces it.
“Locking and unlocking”
For a discussion of protections against tampering and data theft, see ProtectingUserData.
|
On the “Locking and unlocking” screen, the “Lock security” setting should be summarized as “None”, “Passcode”, “Passphrase”, or “Fingerprint”.
The “Sleep when idle for:” menu (bug 1420493) should consist of items “30 seconds” (bug 1367294), “1 minute”, “2 minutes”, “3 minutes” (the default), “4 minutes”, “5 minutes”, and “10 minutes”.
The “Lock after auto-sleeping:” menu (bug 1436630) should consist of items “Immediately”, “30 seconds later”, “1 minute later” (the default), “5 minutes later”, “10 minutes later”, “30 minutes later”, and “1 hour later”.
Whenever “Lock security” is set to “Swipe (No security)”:
- In the “Locking and unlocking” screen:
- The “Lock when auto-sleeping:” menu should be disabled (since the phone cannot be locked at all).
- The caption below the “Lock when auto-sleeping:” menu should not include the “Shorter times are more secure.” sentence, instead saying only “The system won’t lock during calls or video playback.”.
- All the “When locked, allow:” options should be both on and insensitive, and the caption should read “Turn on lock security to restrict access when the phone is locked.”. If “Lock security” is later set to another value, the “When locked, allow:” options should both become sensitive and return to their previous values.
In the top-level “Security & Privacy” screen, “Encryption” should be off and disabled.
Whenever “Lock security” is set to any other option, and encryption is on, all the “When locked, allow:” options should be both off and insensitive, and the caption should read “Encryption prevents storing information while the phone is locked.”. If encryption is later turned off, the “When locked, allow:” options should both become sensitive and return to their previous values.
In the list of “When locked, allow:” options, “Launcher” should be first because whenever it is unchecked, the other options should be off and disabled (since you can’t get to them). Whenever “Launcher” is checked, those other options should return to their previous values.
|
|
|
“Fingerprint” should be disabled unless you currently have at least one fingerprint registered. All other “Unlock the phone using:” options, except the current one and “Fingerprint”, should end with an ellipsis, because switching between any two will involve further input in the form of a dialog with common dialog behavior: “Switch to Swipe”, “Switch to Passcode”, or “Switch to Passphrase” as appropriate.
If switching from passcode, the dialog should begin with a “Current passcode:” field, with possible error text “Incorrect passcode. Try again.”.
If switching from passphrase, the dialog should begin with a “Current passphrase:” field, with possible error text “Incorrect passphrase. Try again.”.
If switching to passcode, the dialog should end with “Choose new passcode:” and “Confirm new passcode:” fields. The latter should have possible error text “Those passcodes don’t match. Try again.”.
If switching to passphrase, the dialog should end with “Choose new passphrase:” and “Confirm new passphrase:” fields. The latter should have possible error text “Those passphrases don’t match. Try again.”.
If switching to swipe, the dialog should have “Cancel” and “Unset” buttons. In all other cases it should have “Cancel” and “Set” buttons.
|
Whenever “Unlock the phone using:” is set to passcode or passphrase, the list of options should be followed by a “Change Passcode…” or “Change Passphrase…” button respectively. Choosing it should open a “Change Passcode” or “Change Passphrase” dialog.
The “Current passcode:”/“Current passphrase:” field should have possible error text “Incorrect passcode. Try again.” or “Incorrect passphrase. Try again.”.
- The next field should be “New passcode:”/“New passphrase:”.
- The “Confirm new passcode:”/“Confirm new passphrase:” field should have possible error text “Passcodes don’t match. Try again.” or “Passphrases don’t match. Try again.”.
SIM PIN and CHV/PUK code
|
On the “Security & Privacy” screen, “SIM PIN” should have the summary value “Off” or “On” if there is one SIM. If there are two SIMs, it should have the summary value “Off”, “1/2”, or “2/2”.
The contents of the “SIM PIN” screen should depend on the number of SIMs:
- If zero, only the placeholder text “No SIMs found”.
Otherwise, a SIM PIN section for each SIM, the last followed by the SIM PIN caption.
A SIM PIN section should consist of:
If there is more than one SIM, to show which one this is, an introductory label consisting of the SIM ID followed by a colon.
A “SIM PIN” switch, reflecting whether a SIM PIN is in effect (regardless of whether it is locked, unlocked, or blocked). Whenever you turn the SIM PIN on, if a PIN was recorded already, an “Enter Previous SIM PIN” dialog should appear, with a PIN field, “Cancel” and “Start Using PIN” buttons, and the common dialog behavior. And whenever you turn SIM PIN off, an “Enter SIM PIN” dialog should appear, with a PIN field, “Cancel” and “Stop Using PIN” buttons, and the common dialog behavior. In both dialogs, the field should have initial caption “{N} attempts allowed.”, changing on error to the error text “Incorrect PIN. {N} attempts remaining.”. If you cancel, the SIM PIN should remain in its previous state.
Whenever “SIM PIN” is on, a static item showing whether the SIM is “Unlocked”, “Locked”, or “Blocked” (bug 1438323).
- Whenever it is locked, at the trailing end should be an “Unlock…” button that opens an “Unlock SIM” dialog. This dialog should have:
- a “SIM PIN:” whole-number field
- “Cancel” and “Unlock” buttons
- Whenever it is unlocked, at the trailing end should be a “Change PIN…” button that opens a “Change SIM PIN” dialog. This dialog should have:
a “Current PIN:” whole-number field, with the initial caption “{N} attempts allowed.”, changing on error to the error text “Incorrect PIN. {N} attempts remaining.”
- a “Confirm new PIN:” whole-number field, with possible error text “PINs don’t match. Try again.”
- Whenever it is blocked, at the trailing end should be an “Unblock…” button that opens an “SIM Blocked” dialog. If you choose “Unblock…” in this dialog, a consecutive dialog (used deliberately, to slow down users who haven’t been reading) should open, which should have:
- an “Enter CHV/PUK code:” whole-number field
- “Cancel” and “Unblock” buttons
- Whenever it is locked, at the trailing end should be an “Unlock…” button that opens an “Unlock SIM” dialog. This dialog should have:
If you enter the SIM PIN wrong for the final time in the “Unlock SIM” dialog, the “SIM Blocked” dialog should appear immediately.
Finally, the SIM PIN caption should differ slightly depending on whether any SIM currently has the SIM PIN turned on:
- If not: “When a SIM PIN is set, after restarting the phone or swapping the SIM, you must unlock the SIM before making calls or using SMS or other cellular services. Entering an incorrect PIN repeatedly may lock the SIM permanently.”
- If so: “After restarting the phone or swapping the SIM, you must unlock the SIM before making calls or using SMS or other cellular services. Entering an incorrect PIN repeatedly may lock the SIM permanently.”
Common behavior for “Phone locking” and “SIM PIN” dialogs
|
|
The “Switch to Swipe”, “Switch to Passcode”, “Switch to Passphrase”, “Change Passcode”, “Change Passphrase”, “Enter Previous SIM PIN”, “Enter SIM PIN”, “Change SIM PIN”, and “Unblock SIM” dialogs should follow the principles of preventing errors when this can be done obviously, otherwise explaining them at the earliest non-annoying moment, and maximizing visual stability.
- The main action button should be disabled whenever any of these are true:
- a passcode field does not contain exactly four digits
- a passphrase field is empty
- a SIM PIN field does not contain 4~8 digits (the GSM PIN bounds)
the “CHV/PUK code:” field does not contain 4~8 digits (see “Coding of CHVs and UNBLOCK CHVs”).
- Whenever “Choose new…” and “Confirm new…” fields do not match:
If their contents are different lengths, you may not have finished typing yet, so no error should be presented unless you go ahead and choose the main action. Therefore, the main action button must be sensitive; if you tap it, then the error should be presented (and remain until the fields match), and the “Choose new…” field should become focused for you to try again.
- If their contents are the same length, you may think you’ve finished typing, so the error should be presented immediately.
When the error is presented, it should be by highlighting both fields with the standard error style (bug 1222787), and inserting the error text below the “Confirm new…” field as a caption (so that it’s least likely to move either of the fields while you are examining them).
- Otherwise, when you choose the main action:
- The dialog should remain open, with all its elements temporarily insensitive, while the action is attempted. If it takes more than a second, the action button’s text should be replaced by a spinner.
- If the “Current…” field (where present) has an incorrect value, it should acquire the standard error style, the error text should appear as its caption, all elements should resume sensitivity, the field should become focused, and its contents should become selected.
If the action succeeds, the main action button’s label should be replaced by
a green checkmark, then after two seconds the dialog should close.
Location access
|
The “Location” screen is described in detail at Location. (If there is any difference between this sketch and that one, believe that one.)
Diagnostics
|
On the “Security & Privacy” screen, the “Diagnostics” settings should be summarized as “Sent” if any are, or “Not sent” if none are. (Both should have a translation note explaining that “sent” means that data is habitually sent, not that it was sent in the past tense.)
|
The “Diagnostics” screen is described in detail at ErrorTracker. (If there is any difference between this sketch and that one, believe that one.)
Certificates & Keys
|
Erratum: The screen should be titled “Certificates & Keys”.
Whenever you download a certificate, private key, or PAC file, regardless of app, a certificate preview dialog should appear in front of that app, including “Cancel” and “Install” buttons. If you choose “Install”, the certificate/key/file should be stored for future use. TBD: Exact layout of that dialog.
In the System Settings “Certificates & Keys” screen, whenever there are no certificates, the screen should contain optically centered text “No certificates”. Otherwise, it should contain an alphabetically sorted list of certificates and PAC files. TBD: Exact format of the summary text. Either way, it should end with the caption: “Certificates are used for connecting to some Wi-Fi, VPN, and other networks. Download a certificate to add it to this list.”
Tapping a list item should open the same certificate preview dialog, but with only an “OK” button. Each list item should have a trailing Delete action.