Android client PIN/fingerprint protection pointless?

I’ve been thinking of the purpose of the PIN/fingerprint protection in the Android Client.

In my scenario, I…

  1. Install latest Android client
  2. Log in with my credentials
  3. Set up PIN and/or fingerprint protection in the settings of the Android client
  4. Close Android client
  5. Open Settings -> Accounts -> Nextcloud
  6. Tap “Synchronize now” on my NC account
  7. Open “Files” or “Downloads” app (or any random file manager app)
  8. Freely access all my Nextcloud files without any PIN/fingerprint protection

So, the question is: why the hussle protecting the client, if “protection” can be bypassed in such a simple way?

Regards,

Eugen

Hi Eugen, it is rather about protection for what?

If you have access to the client you can upload new files to the server, delete files from the server. So the protection is more about not giving somebody else access to the files stored on the server rather than protecting the files downloaded to the client.

Hi Andy,

thanks for your answer.

I’ve got your point, but in my opinion this should be communicated more clearly to the user. I bet, most of the users expect that the files are inaccessible if they set up PIN/fingerprint protection in the app.

Regards,
Eugen

Hi @EugenVau,

I opened a discussion on the development tracker here: https://github.com/nextcloud/android/issues/2806

1 Like