1

Lock action fullscreen should be overlay + blocking hiding notification bar and buttons

The lock action is a pretty useful feature for "locking" your phone while still allowing unattended remote access when needed, since bypass the real lockscreen is a lot harder.

The problem is that the lock action still shows the notification bar ( allowing people to read notifications ) and the buttons.

It would be nice if the lock action ( when full screen is selected ) completely block everything ( including notification bar and buttons ) while waiting for the password.

Follow

1 reply

Votes Newest Oldest
NB

The most ideal solution to your problem is to use the SecureTask plugin (along with granting it Device Owner**) and use the action Status Bar to actually disable the status bar entirely***. I have something that looks like this:

It instructs Android to actually disable the status bar from being dragged down, which is much more safe and reliable than overlays (in case a "bad actor" can somehow circumvent the block using a USB input device like keyboard or mouse, or a million other possible attack vectors).

Unfortunately, the Lock action is quite crappy. It really needs an overhaul, including dynamically resizing the "Lock" scene when ANY screen size (including orientation) change events occur. I posted a new Idea for that here: Fullscreen / Resize Scenes | Tasker Feature Requests (helprace.com)

Currently, doing Immersive Mode: Hide Both, then Lock, results in gaps between the bottom and top of the Lock dialog. You can omit the Immersive Mode entirely to prevent this, but it's important to note that there are many circumstances under which Tasker does NOT resize the "Lock" scene to the device's max resolution, so ultimately if you know these Tasker defects, you can bypass the screen it presents.

To handle these conditions, you can do a System Lock, then Lock, that way any exposed area of the screen is semi-protected. Unfortunately, for many bad actors, including the US government, a system lock screen on Android is somewhat trivial to bypass.

Ultimately, it's best to use the 'Authentication Dialog' to perform authentication. Unfortunately, on Samsung devices, the 'Credentials' Type option is not honored, and instead (if you have biometrics setup), only a fingerprint is asked for. :-( (This is a Samsung bug, not a Tasker bug, and will likely remain unfixed since it's been this way for a very long time.) 

** Note about granting Device Owner: You cannot grant Device Owner permission to more than one app at a time (very, very rare scenario); and it cannot be granted when ANY accounts are configured in the Android Accounts page; and some features of certain phones, namely Samsung phones, will no longer work, such as Secure Folder (Samsung) or Work Profiles (Samsung). Also: Joao has said he is working on adding Device Owner to Tasker, so stay tuned.

*** Note about disabling Status Bar: As SecureTask advises, disabling the Status Bar is very dangerous, particularly when you have an overlay blocking things. It can make your device inaccessible to some degree. What's worse is that the Lock action does NOT continue the Task if "Allow Cancel" is checked in the action's configuration, so calling SecureTask's Status Bar action after Lock'ing will never be called.

Comment
NB

Correction: Authentication Dialog "bug" of the "Credentials" option not ONLY requiring credentials is actually a Tasker deficiency and I submitted a report to Joao. Now, whether or not, when re-implemented, Samsung devices honor the API design, is another matter.

In Tasker's defense (since I don't think Joao even owned Tasker at the time), the Android API didn't even allow only requesting credentials only when the BiometricPrompt class was initially created. As of 4 APIs ago (API 30), it does allow that.

Reply