SecurityAndPrivacySettings

Revision 64 as of 2015-09-22 12:20:27


PC

System Settings should have a “Security & Privacy” panel.

“Security” tab

security.png

TBD

“Files & Applications” tab

files-applications.png

clear-usage-data.png

“Diagnostics” tab

diagnostics.png

The “Diagnostics” tab is described in detail at ErrorTracker. (If there is any difference between this sketch and that one, believe that one.)

Phone

security-privacy-access.phone.png

The main System Settings screen should have a “Security & Privacy” item.

security-privacy.phone.png

“Locking and unlocking” should navigate to the “Locking and unlocking” screen.

“SIM PIN” should navigate to the “SIM PIN” screen.

“Reset Storage Access…” should behave as specified in the Storage specification.

When “Stats on welcome screen” is off, the infographic on the welcome screen should not use any personal data.

As long as notifications are presented in an indicator menu:

  • Whenever “When locked, allow: Notifications and quick settings” is off, “Notifications on welcome screen” should be both off and insensitive.
  • Whenever “When locked, allow: Notifications and quick settings” is on, and “Notifications on welcome screen” is off, notifications should not produce notification bubbles and should not appear in the “Notifications” list. (In future this setting may move to the Notifications settings.)

“Location” should navigate to the “Location” screen.

“App permissions” should navigate to the “App permissions” screen.

“Diagnostics” should navigate to the “Diagnostics” screen.

“Locking and unlocking”

For a discussion of protections against tampering and data theft, see ProtectingUserData.

phone-security-privacy-locking.png

Erratum: “Phone locking” should be “Locking and unlocking”.

phone-security-privacy-lock-security.png

phone-security-privacy-idle.png

On the “Locking and unlocking” screen, the “Lock security” setting should be summarized as “None”, “Passcode”, or “Passphrase”. The “Lock when idle” setting should be summarized as “Never”, “1 minute”, “2 minutes”, etc.

When “Sleep locks immediately” is checked, the phone should lock immediately when sleeping regardless of the “Lock when idle” setting. Therefore, it should be unchecked and disabled whenever “Lock security” is set to “None” (since the phone cannot be locked at all). And otherwise, it should be checked and disabled whenever “Lock when idle” is set to “Never” (since there is no other way of locking the phone).

Whenever “Lock security” is set to “Swipe (No security)”:

  • The caption on the “Lock when idle” screen should not include the “Shorter times are more secure.” sentence, instead saying only “The phone won’t lock during calls or video playback.”.
  • “Encryption” should be off and insensitive.

  • All the “When locked, allow:” options should be both on and insensitive, and the caption should read “Turn on lock security to restrict access when the phone is locked.”. If “Lock security” is later set to another value, the “When locked, allow:” options should both become sensitive and return to their previous values.

Otherwise, whenever encryption is on, all the “When locked, allow:” options should be both off and insensitive, and the caption should read “Encryption prevents storing information while the phone is locked.”. If encryption is later turned off, the “When locked, allow:” options should both become sensitive and return to their previous values.

Whenever “Launcher” is off, the other “When locked, allow:” options should be off and insensitive. Whenever “Launcher” is turned on, those other options should return to their previous values.
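
The “return to their previous values” requirements above are easiest to meet if the stored preferences are never overwritten and each control's displayed value and sensitivity are derived from them. The following is an added example, not code from this specification or from System Settings; the function name, the field names and the sample preferences are assumptions.

```javascript
// Derive what each control shows from the stored preferences without
// modifying them, so earlier choices reappear when a constraint is lifted.
// All identifiers here are hypothetical.
function effectiveLockSettings(stored) {
  const noLock = stored.lockSecurity === "swipe";
  const ctl = (value, sensitive) => ({ value, sensitive });

  // "Sleep locks immediately"
  let sleepLocks;
  if (noLock) sleepLocks = ctl(false, false);            // phone cannot be locked at all
  else if (stored.lockWhenIdle === "never") sleepLocks = ctl(true, false); // only way to lock
  else sleepLocks = ctl(stored.sleepLocksImmediately, true);

  // "Encryption" is forced off while there is no lock security.
  const encryption = noLock ? ctl(false, false) : ctl(stored.encryption, true);

  // "When locked, allow:" options and their caption.
  let launcher, notifications, caption = null; // null: no override caption applies
  if (noLock) {
    launcher = ctl(true, false);
    notifications = ctl(true, false);
    caption = "Turn on lock security to restrict access when the phone is locked.";
  } else if (encryption.value) {
    launcher = ctl(false, false);
    notifications = ctl(false, false);
    caption = "Encryption prevents storing information while the phone is locked.";
  } else {
    launcher = ctl(stored.allow.launcher, true);
    // With "Launcher" off, the other option is forced off and insensitive.
    notifications = launcher.value
      ? ctl(stored.allow.notifications, true)
      : ctl(false, false);
  }
  return { sleepLocks, encryption, launcher, notifications, caption };
}

// Constructed sample preferences.
const prefs = {
  lockSecurity: "passcode", lockWhenIdle: 2, sleepLocksImmediately: false,
  encryption: false, allow: { launcher: true, notifications: false },
};
```
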

phone-security-privacy-lock-security-switch-swipe.png

phone-security-privacy-lock-security-switch-passphrase.png

All “Unlock the phone using:” options, except the current one, should end with an ellipsis, because switching between any two will involve further input in the form of a dialog with common dialog behavior: “Switch to Swipe”, “Switch to Passcode”, or “Switch to Passphrase” as appropriate.

  • If switching from passcode, the dialog should begin with a “Current passcode:” field, with possible error text “Incorrect passcode. Try again.”.

  • If switching from passphrase, the dialog should begin with a “Current passphrase:” field, with possible error text “Incorrect passphrase. Try again.”.

  • If switching to passcode, the dialog should end with “Choose new passcode:” and “Confirm new passcode:” fields. The latter should have possible error text “Those passcodes don’t match. Try again.”.

  • If switching to passphrase, the dialog should end with “Choose new passphrase:” and “Confirm new passphrase:” fields. The latter should have possible error text “Those passphrases don’t match. Try again.”.

  • If switching to swipe, the dialog should have “Cancel” and “Unset” buttons. In all other cases it should have “Cancel” and “Set” buttons.

phone-security-privacy-lock-security-passphrase-change.png

Whenever “Unlock the phone using:” is set to passcode or passphrase, the list of options should be followed by a “Change Passcode…” or “Change Passphrase…” button respectively. Choosing it should open a “Change Passcode” or “Change Passphrase” dialog.

  • The “Current passcode:”/“Current passphrase:” field should have possible error text “Incorrect passcode. Try again.” or “Incorrect passphrase. Try again.”.

  • The next field should be “New passcode:”/“New passphrase:”.
  • The “Confirm new passcode:”/“Confirm new passphrase:” field should have possible error text “Passcodes don’t match. Try again.” or “Passphrases don’t match. Try again.”.

SIM PIN

sim-pin-access.phone.png

On the “Security & Privacy” screen, “SIM PIN” should have the summary value “Off” or “On” if there is one SIM. If there are two SIMs, it should have the summary value “Off”, “1/2”, or “2/2”.

The contents of the “SIM PIN” screen should depend on the number of SIMs:

sim-pin-section-off.phone.png

sim-pin-section-locked.phone.png

sim-pin-section-unlocked.phone.png

A SIM PIN section should consist of:

  • If there is more than one SIM, to show which one this is, an introductory label consisting of the SIM ID followed by a colon.

  • A “SIM PIN” switch, reflecting whether the SIM PIN is active (regardless of whether it is locked or unlocked). Whenever you turn the SIM PIN on, if a PIN was recorded already, an “Enter Previous SIM PIN” dialog should appear, with a PIN field, “Cancel” and “Start Using PIN” buttons, and the common dialog behavior. And whenever you turn SIM PIN off, an “Enter SIM PIN” dialog should appear, with a PIN field, “Cancel” and “Stop Using PIN” buttons, and the common dialog behavior. In both dialogs, the field should have initial caption “{N} attempts allowed.”, changing on error to the error text “Incorrect PIN. {N} attempts remaining.”. If you cancel, the SIM PIN should remain in its previous state.

  • Whenever “SIM PIN” is on, a static item showing whether the SIM is “Unlocked” or “Locked” (bug 1378883).

    • Whenever it is locked, at the trailing end should be an “Unlock…” button that opens an “Unlock SIM” dialog with a PIN field, “Cancel” and “Unlock” buttons, and the common dialog behavior.

    • Whenever it is unlocked, at the trailing end should be a “Change PIN…” button that opens a “Change SIM PIN” dialog. This dialog should have:
      • A “Current PIN:” field, with the initial caption “{N} attempts allowed.”, changing on error to the error text “Incorrect PIN. {N} attempts remaining.”.

      • A “Confirm new PIN:” field, with possible error text “PINs don’t match. Try again.”.
      • The common dialog behavior.

Finally, the SIM PIN caption should differ slightly depending on whether any SIM currently has the SIM PIN turned on:

  • If not: “When a SIM PIN is set, after restarting the phone or swapping the SIM, you must unlock the SIM before making calls or using SMS or other cellular services. Entering an incorrect PIN repeatedly may lock the SIM permanently.”
  • If so: “After restarting the phone or swapping the SIM, you must unlock the SIM before making calls or using SMS or other cellular services. Entering an incorrect PIN repeatedly may lock the SIM permanently.”

Common behavior for “Phone locking” and “SIM PIN” dialogs

phone-sim-pin-previous.png

phone-sim-pin-change.png

The “Switch to Swipe”, “Switch to Passcode”, “Switch to Passphrase”, “Change Passcode”, “Change Passphrase”, “Enter Previous SIM PIN”, “Enter SIM PIN”, and “Change SIM PIN” dialogs should follow the principles of preventing errors when this can be done obviously, otherwise explaining them at the earliest non-annoying moment, and maximizing visual stability.

  • Whenever a passcode field does not contain exactly four digits, a passphrase field is empty (bug 1412523), or a SIM PIN field does not contain 4–8 digits (the GSM PIN bounds), the main action button should be insensitive. These errors are obvious enough not to need further explanation.

  • Whenever “Choose new…” and “Confirm new…” fields do not match:
    • If their contents are different lengths, you may not have finished typing yet, so no error should be presented unless you go ahead and choose the main action. Therefore, the main action button must be sensitive; if you tap it, then the error should be presented (and remain until the fields match), and the “Choose new…” field should become focused for you to try again.

    • If their contents are the same length, you may think you’ve finished typing, so the error should be presented immediately.
    • When the error is presented, it should be by highlighting both fields with the standard error style (bug 1222787), and inserting the error text below the “Confirm new…” field as a caption (so that it’s least likely to move either of the fields while you are examining them).

  • Otherwise, when you choose the main action:
    1. The dialog should remain open, with all its elements temporarily insensitive, while the action is attempted. If it takes more than a second, the action button’s text should be replaced by a spinner.
    2. If the “Current…” field (where present) has an incorrect value, it should acquire the standard error style, the error text should appear as its caption, all elements should resume sensitivity, the field should become focused, and its contents should become selected.
    3. If the action succeeds, the main action button’s label should be replaced by a green checkmark, then after two seconds the dialog should close.
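
The field rules and the timing of the mismatch error, sketched as a pure function for dialogs whose fields are all of one kind (“Change Passcode”, “Change Passphrase”, “Change SIM PIN”, “Enter SIM PIN”). This is an added example, not code from the specification or from System Settings; the function and field names are assumptions, and it uses the error texts of the “Change …” dialogs.

```javascript
// Per-field rules from the first bullet above.
const FIELD_OK = {
  passcode:   v => /^[0-9]{4}$/.test(v),    // exactly four digits
  passphrase: v => v.length > 0,            // must not be empty
  simPin:     v => /^[0-9]{4,8}$/.test(v),  // GSM PIN bounds
};
const MISMATCH_TEXT = {
  passcode:   "Passcodes don’t match. Try again.",
  passphrase: "Passphrases don’t match. Try again.",
  simPin:     "PINs don’t match. Try again.",
};

// d: { kind, current?, chosen?, confirm?, tapped } (hypothetical shape).
// tapped is true once the main action was chosen while the new and confirm
// fields differed; the caller clears it when they match again.
function evaluateDialog(d) {
  const present = [d.current, d.chosen, d.confirm].filter(v => v !== undefined);
  const actionSensitive = present.every(v => FIELD_OK[d.kind](v));

  const hasPair = d.chosen !== undefined && d.confirm !== undefined;
  const mismatch = hasPair && d.chosen !== d.confirm;
  const sameLength = hasPair && d.chosen.length === d.confirm.length;

  // Same length: the user probably thinks they are done, so show the error
  // at once. Different length: they may still be typing, so wait for a tap.
  const showError = mismatch && (sameLength || d.tapped === true);

  return {
    actionSensitive,
    errorText: showError ? MISMATCH_TEXT[d.kind] : null,
    // After a tap on mismatched fields the "new" field gets focus again.
    focus: mismatch && d.tapped === true ? "chosen" : null,
    // Only now may the action be attempted (checking the "Current" field).
    canSubmit: actionSensitive && !mismatch,
  };
}
```
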

Location access

location.phone.png

The “Location” screen is described in detail at Location. (If there is any difference between this sketch and that one, believe that one.)

Diagnostics

diagnostics-access.phone.png

On the “Security & Privacy” screen, the “Diagnostics” settings should be summarized as “Sent” if any are, or “Not sent” if none are. (Both should have a translation note explaining that “sent” means that data is habitually sent, not that it was sent in the past tense.)

diagnostics.phone.png

The “Diagnostics” screen is described in detail at ErrorTracker. (If there is any difference between this sketch and that one, believe that one.)