[Feature]: Implement PIN Protection #1048

Open
2 tasks done
andreas-ullrich opened this issue Apr 29, 2024 · 2 comments

@andreas-ullrich

Precondition

  • I understood that this template is only for feature requests and not for bug reports

Cross-checked related issues?

Describe your feature

Using a PIN-protected chat app on a smartphone that is already secured by a PIN provides an additional layer of security and several advantages:

  1. Enhanced Privacy and Security: If someone manages to bypass the main phone's PIN lock (by observing or guessing), having a separate PIN for chat apps ensures that personal messages remain protected. This is crucial for confidential communication. In particular, unlocking the phone in a store with many video cameras leads to the PIN being easily read. Example: "bring your phone to a store for repair / display change / battery":

    • "Clerk: Could you please give me the serial number of the Phone, I need it for Apple."
    • "Me: Sure, enters PIN, -> cameras on it."
    • "Clerk: Okay, please leave the phone here, we need 2-3 hours."
    • "Me: Sure thing."
  2. Access for Multiple Users: In scenarios where I might share my device with others (e.g., family members or colleagues) for basic tasks or phone calls, a PIN-protected chat app ensures that my messages stay private even if the main access to the phone is shared.

  3. Prevention of Accidental Access: Even in cases of unintentional access, such as children playing with my phone, having a PIN for specific apps can prevent them from accessing sensitive information.

  4. Compliance and Professionalism: For professionals who use their personal devices for work, a PIN-protected chat app can help comply with corporate policies or legal requirements regarding handling confidential information.

"Multi-layered defense" ensures that even if one security measure fails, others are in place to protect my data. Security by design and default is generally a good approach.

@tmolitor-stud-tu
Member

Would #992 be okay, too? It just swaps "pin" for "face recognition".

@andreas-ullrich
Author

No

1. Anonymity and Privacy:

  • PINs: A PIN is a simple numeric or alphanumeric code that is not tied to any personal identity information. It does not reveal any personal details about the user.
  • Face ID: In contrast, Face ID involves the use of biometric data which is inherently personal. Facial recognition data can potentially be used to track or identify individuals without their consent in various contexts outside of device security.

2. Data Sensitivity and Abuse Potential:

  • PINs: If compromised, a PIN can be changed easily and does not inherently expose any personal biometric information that could be abused in other contexts.
  • Face ID: Biometric data like facial recognition is immutable. If such data is stolen or improperly accessed, it cannot be altered to safeguard the individual’s identity, posing a higher risk of identity theft and unauthorized use.

3. Security Through Obscurity and User Control:

  • PINs: Users can choose the complexity of their PIN and change it frequently to enhance security. The effectiveness of a PIN depends on it being kept secret, but it can be regularly updated to maintain security.
  • Face ID: While generally secure, the use of biometric data means users have less control over this aspect of their security. Once compromised, the user cannot simply change their facial features to secure their device or accounts again.

While Face ID and similar biometric systems offer convenience and can provide robust security features, PINs offer a more private, controllable, and less invasive option. The use of a PIN avoids the complexities and potential dangers associated with the handling and protection of biometric data, making it a preferable choice from a data privacy and security perspective.
