Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature Request: biometric prompt to open Magisk app #4899

Open
thx1200 opened this issue Nov 7, 2021 · 14 comments
Open

Feature Request: biometric prompt to open Magisk app #4899

thx1200 opened this issue Nov 7, 2021 · 14 comments
Labels
app This issue is related to Magisk App enhancement New feature request

Comments

@thx1200
Copy link

thx1200 commented Nov 7, 2021

Request: provide an option to extend the biometric prompt to opening the Magisk app itself. This is to add a small extra layer of protection when an unlocked phone is handed to somebody else.

@github-actions github-actions bot closed this as completed Nov 7, 2021
@osm0sis osm0sis added the enhancement New feature request label Nov 8, 2021
@osm0sis osm0sis reopened this Nov 8, 2021
@osm0sis
Copy link
Collaborator

osm0sis commented Nov 8, 2021

Yep, SuperSU used to have this, and I continue to miss it. 👍

Repository owner deleted a comment from github-actions bot Nov 8, 2021
@osm0sis osm0sis changed the title Feature Request: biometric prompt to open Magisk Manager Feature Request: biometric prompt to open Magisk app Nov 8, 2021
@Displax
Copy link
Contributor

Displax commented Nov 9, 2021

Old @topjohnwu opinion
#533 (comment)

@THEb0nny you should protect your whole device with a strong lock screen password, have your data encrypted, and disable USB debugging. There is very little an app can do to protect itself since it is an application after all, it does not have the power to enforce any sense of security once your device is unlocked (implies data encryption decrypted) and exposed to others.

All "applock" stuffs are actually false security (although it is possible to block naive attackers e.g. your average Joe friend or your kid). I would consider adding this feature to Magisk Manager but not on my priority.

@osm0sis
Copy link
Collaborator

osm0sis commented Nov 9, 2021

I mean that quote doesn't totally make sense in this context. A launcher "protecting" apps with a biometric prompt is easily circumventable by launching the app directly from Android Settings > Apps, yes, but a sensitive app itself keeping itself protected by a biometric prompt is obviously an improvement over one which does not, and is not easily circumventable, why else would Magisk use biometrics for granting root to apps?

@Displax
Copy link
Contributor

Displax commented Nov 9, 2021

I mean that quote doesn't totally make sense in this context. A launcher "protecting" apps with a biometric prompt is easily circumventable by launching the app directly from Android Settings > App, yes, but an app itself keeping itself protected by a biometric prompt is obviously an improvement over one which does not, and is not easily circumventable, why else would Magisk use biometrics for granting root to apps?

Completely agree

@thx1200
Copy link
Author

thx1200 commented Nov 9, 2021

Agree and disagree. App level locking can add layer of security, but yes it is not to be relied on solely, even when it's an included system component like in OxygenOS. It does have its place, particularly if the settings / launcher / install intents are protected as part of it. It's definitely not a hacker proof method, but it doesn't need to be if you also have device-level security enabled. It is mostly useful as a barrier to casual user who might be borrowing your phone.

But all that is outside the scope of this request. The root manager app itself is a special case and is a critical system-level component that should allow a required authentication prompt, similar to how you have to do when you enter the security settings in Android even if your screen/device is already unlocked.

@vvb2060
Copy link
Collaborator

vvb2060 commented Nov 24, 2021

When you grant root access to the file manager, all defenses are lost.

@XspeedPL
Copy link

XspeedPL commented Feb 4, 2022

When you grant root access to the file manager, all defenses are lost.

Then use biometric auth for all root requests. With that also asking for biometric when opening Magisk starts making sense.

@lbdroid
Copy link

lbdroid commented Mar 24, 2022

Not necessarily just biometric, but whatever kind of security is enabled on the device. Any time that device security is enabled, Magisk should have security request defaulted to ON, this way clearing the application data won't provide a means of bypassing the request.

Note that Android security itself is protected in this manner. If you have lockscreen security enabled, then in order to alter lockscreen security settings, you need to authenticate.

@vvb2060 : Who would be stupid enough to provide permanent root access to a file manager?

@HuskyDG
Copy link
Contributor

HuskyDG commented Jun 5, 2022

It's useful when we want to prevent other apps from surreptitiously getting root access, not users

@ziqixiao52
Copy link

Yes,I think it is nessary to add it.

@yujincheng08 yujincheng08 added the app This issue is related to Magisk App label Mar 2, 2023
@freebrowser1
Copy link

Magisk now does have a biometric authentication, but it would be useful when using a root shell (e.g. using sudo bash in Termux) would prompt for a password, just like in any Linux system.

@SX-9
Copy link

SX-9 commented Apr 20, 2023

Magisk now does have a biometric authentication, but it would be useful when using a root shell (e.g. using sudo bash in Termux) would prompt for a password, just like in any Linux system.

i have enabled it but it will be nice if it does this for every request

@dared2007
Copy link

You can use the application encryption in your Android system to achieve this function.

@thx1200
Copy link
Author

thx1200 commented Jul 14, 2024

@damengmeng2279 This is not available on every version of android. Notably LineageOS does not have this feature.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
app This issue is related to Magisk App enhancement New feature request
Projects
None yet
Development

No branches or pull requests

13 participants