Feature request: Lock TextSecure upon connection to usb

[darkwisperer]

Just like the title says. When there is a USB plugged into the phone (on connection event), erase the Text Secure credentials from memory and require the user to enter their password.

This is to make it harder for some one to gain access to the encrypted text message database since upon connection (via USB at least) the saved credentials are destroyed in memory and can not be gleaned from a memory dump.

[EvanK]

+1

[jcs]

It's possible to do ADB over the air, so reacting to a USB-only event is probably not the best way to go.

[generalmanager]

+1
like @jcs says - is there a general way to recognize adb activity?

[virtualritz]

+1
But it would be good to add an option for this in the prefs.

[agrajaghh]

I don't know... Its one more option just for the advanced users which is probably confusing for the average users. Its just usefull for the 1% (?) of the people who enabled adb.

My phone asks for permission everytime a new computer/fingerprint wants to connect over adb. So just trusted computers can connect anyway. Is this just a feature of my custom rom (Omni) or is it a feature of the new Android versions?

[generalmanager]

@virtualritz I don't see the need for a setting - in which case would one need to have the TS password cached in memory when ADB is activated? Simply checking for a USB cable is not enough, but if we check for an ADB connection I don't see a problem.

I can only imagine this to be useful for some kind of debugging, but wouldn't most of that need root either way? And if one has root, ADB isn't really necessary any more.
Even if there is some case where ADB helps with debugging on unrooted devices - wouldn't it be easier to simply create a build without this behaviour than to clutter the UI for everybody?

@agrajaghh I'm on omni too, so unfortunately I can't answer that.

[strugee]

I can answer that. I'm on CyanogenMod currently, but I've also seen the fingerprint prompt occur on nearly-stock Android (Galaxy Nexus CDMA). So yes, it works for all Android versions (unless the manufacturer has patched it out: unlikely).

[patcon]

Settings > Developer options > USB debugging notify [ ] / Revoke USB debugging authorizations

Given that the above is a good solution in stock android, could this be closed?

If it's really needed, someone could probably do something clever by building a simple root app that kills the KeyCachingService. This immediately locks TS on my phone:

adb shell su root am stopservice org.thoughtcrime.securesms/.service.KeyCachingService

[mcginty]

This seems more fit for an app like Tasker.

[patcon]

Good call.

For later readers, Tasker has "USB plugged" condition + "Kill app" action will shut down the service. Further info available elsewhere :)