Biometric Protection of Individual Apps

“Snatch and grab” of mobile phones is a big problem in some areas. If
the phone screen is locked then the risk of someone being able to access
sensitive applications, like banking and shopping apps, is pretty low.
But one type of snatch and grab is someone running or cycling past
someone that is talking on their phone, or looking at maps or a web
site, and grabbing an unlocked device. This opens up the possibility of
substantial financial losses. See “Woman had $10,000 taken from bank
account minutes after iPhone stolen” at
<https://finance.yahoo.com/news/woman-got-locked-her-apple-163000848.html>.

For most banking apps, you usually will need a separate passcode or
biometrics to get to a screen where it then uses 2FA (the 2FA is
essentially worthless of course because the SMS comes to the unlocked
phone), but you'd need to enter the passcode to even get to the point
where 2FA is sent.

What's needed is the ability to individually require biometrics, or a
PIN, to open certain apps even when the phone screen is already unlocked.

For Samsung Galaxy phones, this feature is built in, using "Secure
Folder." Other Android device manufacturers with this feature are Asus,
Huawei, Honor, OnePlus, Redmi, and Xiaomi (see How to lock apps on your
Android phone to prevent unauthorized access
<https://www.xda-developers.com/how-to-lock-apps-on-your-android-phone/>).
Motorola, Google Pixel, Sony, and other Android devices do not have
this feature built in.

There are Android Apps like “AppLock”
<https://play.google.com/store/apps/details?id=com.domobile.applockwatcher>
which provide the same type of protection. Another way to achieve this
capability, without the need for an app, is to create a separate
Android user profile that contains apps that require additional security
(bank accounts, shopping, etc.).

Unfortunately, as “Learn how to passcode protect individual Android
apps” states: "Unfortunately, Apple lags behind Android in this regard.
Sure, you can lock your iPhone or iPad by setting a passcode or taking
advantage of Touch ID and Face ID. Although some apps like Whatsapp have
built-in lock mechanisms, Apple doesn’t offer any native feature that
lets you lock apps." Also, unlike Android, iOS doesn’t yet allow
multiple user accounts on one device so you can’t use that method either
(Apple does allow multiple accounts on iPads sold into the education
market).

For jailbroken iPhones there's the “BioProtect XS” Tweak which provides
biometric protection for individual apps but of course you have to
jailbreak your device to use that tweak.

I have added this information to the document “52 iOS & iPhone Features
Which [many] Android Users Wish they Had and 213 Android & Android
Phone Features Which [many] iOS Users Wish they Had" at
<https://docs.google.com/document/d/1JznrWfGJDA8CYVfjSnPTwfVy8-gAC0kPyaApuJTcUNE/>
in 215a on page 104.

sms wrote:

> Snatch and grab of mobile phones is a big problem in some areas.

Particularly if you live in the projects of the Bronx, across the river.

The point here is that low class uneducated low-IQ people fall for every
marketing trick in the book, of which biometrics is transparently classic.

The _real_ thread is the Internet, where the iPhone, in particular, has
more zero-day Internet vulnerabilities than any Android phone ever built.

Apple is _desperate_ to get people to _feel_ safe (without being safe!).
So is Google, Samsung, et al., all of whom copy Apple's marketing gimmicks.

If you _feel_ that you need biometrics in order to feel safe, I ask you to
ask yourself the _adult_ question of why don't you trust your wife & kids?

Think about that question as if you own the mind of an adult.
*The real thread is _not_ physical access to your phone*

Biometrics are merely a gimmick that people who are desperate to _feel_
safe, fall for, so it doesn't matter whose gimmick is better after all.

THIS HAS BEEN AN ADULT OBSERVATION ASKING PEOPLE TO THINK ABOUT GIMMICKS.
--
Posted out of the goodness of my heart to disseminate useful information
which, in this case, is to get people to THINK about MARKETING GIMMICKS.

On 2023-02-27 13:11, Andy Burnelli wrote:
> sms wrote:
>
>> Snatch and grab of mobile phones is a big problem in some areas.
>
> Particularly if you live in the projects of the Bronx, across the river.

I love that in addition to being a huge poseur on technical matters...

....you're also an elitist asshole who thinks that crime only happens in
poor areas:

'Reyhan Ayas was leaving a Manhattan bar in November when a man snatched
her phone and ran off. '

sms <scharf.steven@geemail.com> wrote:
> Biometric Protection of Individual Apps
>
> “Snatch and grab” of mobile phones is a big problem in some areas. If
> the phone screen is locked then the risk of someone being able to access
> sensitive applications, like banking and shopping apps, is pretty low.
> But one type of snatch and grab is someone running or cycling past
> someone that is talking on their phone, or looking at maps or a web
> site, and grabbing an unlocked device. This opens up the possibility of
> substantial financial losses. See “Woman had $10,000 taken from bank
> account minutes after iPhone stolen” at
> <https://finance.yahoo.com/news/woman-got-locked-her-apple-163000848.html>.

Why did she not use lost mode?

> For most banking apps, you usually will need a separate passcode or
> biometrics to get to a screen

Correct. The thief won't have access to those, so there's no problem.

> where it then uses 2FA (the 2FA is
> essentially worthless of course because the SMS comes to the unlocked
> phone), but you'd need to enter the passcode to even get to the point
> where 2FA is sent.

If the app is already verified on the device there's no need for 2FA.

> What's needed is the ability to individually require biometrics, or a
> PIN, to open certain apps even when the phone screen is already unlocked.
>
> For Samsung Galaxy phones, this feature is built in, using "Secure
> Folder." Other Android device manufacturers with this feature are Asus,
> Huawei, Honor, OnePlus, Redmi, and Xiaomi (see How to lock apps on your
> Android phone to prevent unauthorized access
> <https://www.xda-developers.com/how-to-lock-apps-on-your-android-phone/>).
> Motorola, Google Pixel, Sony, and other Android devices do not have
> this feature built in.
>
> There are Android Apps like “AppLock”
> <https://play.google.com/store/apps/details?id=com.domobile.applockwatcher>
> which provide the same type of protection. Another way to achieve this
> capability, without the need for an app, is to create a separate
> Android user profile that contains apps that require additional security
> (bank accounts, shopping, etc.).
>
> Unfortunately, as “Learn how to passcode protect individual Android
> apps” states: "Unfortunately, Apple lags behind Android in this regard.
> Sure, you can lock your iPhone or iPad by setting a passcode or taking
> advantage of Touch ID and Face ID. Although some apps like Whatsapp have
> built-in lock mechanisms, Apple doesn’t offer any native feature that
> lets you lock apps."

False. All my sensitive apps have the ability to use FaceID on my iphone.
They also all default to a PIN if FaceID isn't available/enabled.

Any bank that doesn't do this should be ditched immediately.

I honestly cannot see how someone can lose thousands simply by having their
phone stolen. They must have turned off several security features. Which,
of course, they'll never admit to.

In article <ttjbgm$3cbvr$1@dont-email.me>, Chris <ithinkiam@gmail.com>
wrote:

> I honestly cannot see how someone can lose thousands simply by having their
> phone stolen. They must have turned off several security features. Which,
> of course, they'll never admit to.

the most common way is to start resetting passwords at the various
banks and other companies, who will send a code to the phone to
confirm, which the thief now has and will obviously confirm the change.
sometimes the bank sends an email, which the thief is also able to
read.

once that's done, they log in with the new password and start moving
money, changing shipping addresses and buying stuff or whatever else
they want to do.

note that this only happens in the ghettos, as our astute adult has
explained.

On 2023-02-27 14:40, Chris wrote:
> sms <scharf.steven@geemail.com> wrote:
>> Biometric Protection of Individual Apps
>>
>> “Snatch and grab” of mobile phones is a big problem in some areas. If
>> the phone screen is locked then the risk of someone being able to access
>> sensitive applications, like banking and shopping apps, is pretty low.
>> But one type of snatch and grab is someone running or cycling past
>> someone that is talking on their phone, or looking at maps or a web
>> site, and grabbing an unlocked device. This opens up the possibility of
>> substantial financial losses. See “Woman had $10,000 taken from bank
>> account minutes after iPhone stolen” at
>> <https://finance.yahoo.com/news/woman-got-locked-her-apple-163000848.html>.
>
> Why did she not use lost mode?

She DID.

Please read the article before you reply:

'Ayas said she was very frustrated at Apple continually asking: "Have
you tried 'Find My iPhone?'"

"Of course, I tried it like minute three, I tried it. Like, this is a
joke to you. My entire life is a shamble, yet you're still asking if I
tried it," she told Insider.'

Alan <nuh-uh@nope.com> wrote:
> On 2023-02-27 14:40, Chris wrote:
>> sms <scharf.steven@geemail.com> wrote:
>>> Biometric Protection of Individual Apps
>>>
>>> “Snatch and grab” of mobile phones is a big problem in some areas. If
>>> the phone screen is locked then the risk of someone being able to access
>>> sensitive applications, like banking and shopping apps, is pretty low.
>>> But one type of snatch and grab is someone running or cycling past
>>> someone that is talking on their phone, or looking at maps or a web
>>> site, and grabbing an unlocked device. This opens up the possibility of
>>> substantial financial losses. See “Woman had $10,000 taken from bank
>>> account minutes after iPhone stolen” at
>>> <https://finance.yahoo.com/news/woman-got-locked-her-apple-163000848.html>.
>>
>> Why did she not use lost mode?
>
> She DID.
>
> Please read the article before you reply:
>
> 'Ayas said she was very frustrated at Apple continually asking: "Have
> you tried 'Find My iPhone?'"

That's not the same thing. If that's meant to mean lost mode then that's
very poor reporting.

> "Of course, I tried it like minute three, I tried it. Like, this is a
> joke to you. My entire life is a shamble, yet you're still asking if I
> tried it," she told Insider.'
>
>

On 2023-02-27 16:21, Chris wrote:
> Alan <nuh-uh@nope.com> wrote:
>> On 2023-02-27 14:40, Chris wrote:
>>> sms <scharf.steven@geemail.com> wrote:
>>>> Biometric Protection of Individual Apps
>>>>
>>>> “Snatch and grab” of mobile phones is a big problem in some areas. If
>>>> the phone screen is locked then the risk of someone being able to access
>>>> sensitive applications, like banking and shopping apps, is pretty low.
>>>> But one type of snatch and grab is someone running or cycling past
>>>> someone that is talking on their phone, or looking at maps or a web
>>>> site, and grabbing an unlocked device. This opens up the possibility of
>>>> substantial financial losses. See “Woman had $10,000 taken from bank
>>>> account minutes after iPhone stolen” at
>>>> <https://finance.yahoo.com/news/woman-got-locked-her-apple-163000848.html>.
>>>
>>> Why did she not use lost mode?
>>
>> She DID.
>>
>> Please read the article before you reply:
>>
>> 'Ayas said she was very frustrated at Apple continually asking: "Have
>> you tried 'Find My iPhone?'"
>
> That's not the same thing. If that's meant to mean lost mode then that's
> very poor reporting.

Using "Find My" is the first step in putting an iOS device into lost
mode, you simpleton:

'Mark a device as lost in Find My on iPhone

Mark a device as lost

If your device is lost or stolen, you can turn on Lost Mode (for your
iPhone, iPad, iPod touch, Apple Watch, supported AirPods, or iPhone
Wallet with MagSafe), or lock your Mac.

Tap Devices at the bottom of the screen, then tap the name of the lost
device.'

<https://support.apple.com/en-ca/guide/iphone/iph7cc193cfc/ios>

Do you see what the first step there is, sunshine?

Note: Not interested in starting a flame thread in the iPhone newsgroup,
so I omitted it in my reply.

sms <scharf.steven@geemail.com> wrote:

> Biometric Protection of Individual Apps
>
> “Snatch and grab” of mobile phones is a big problem in some areas. If
> the phone screen is locked then the risk of someone being able to
> access sensitive applications, like banking and shopping apps, is
> pretty low. But one type of snatch and grab is someone running or
> cycling past someone that is talking on their phone, or looking at
> maps or a web site, and grabbing an unlocked device.

I remember reading about some prank where one person recorded the event
while a partner walked up to someone and slapped them hard in their
face. Well, assault would be another way of getting the phone.

> For Samsung Galaxy phones, this feature is built in, using "Secure
> Folder." Other Android device manufacturers with this feature are Asus,
> Huawei, Honor, OnePlus, Redmi, and Xiaomi (see How to lock apps on your
> Android phone to prevent unauthorized access

My phone will never have that. It's an LG made back in 2016, and
discontinued in 2019. I got 2 OS updates, and then nothing. In fact,
LG exited the smartphone industry altogether. I'm stuck on Android 8.0.
However, as with my old phone that got neutered when 2G got dropped, I
won't get rid of my current phone until 4G gets dropped (it doesn't
support 5G).

> There are Android Apps like “AppLock”
> <https://play.google.com/store/apps/details?id=com.domobile.applockwatcher>
> which provide the same type of protection.
Your mention of app protection jogged my memory. Seems I had that in
the past. Then I remembered: it was part of an anti-virus app. I
haven't used one for about 3 years, but I remembered it was Sophos
Intercept X. It has the feature to protect apps via password. I never
used it since I'd be nuisanced to keep entering a password every time I
wanted to use a protected app. I just checked, and auth methods are
pattern, PIN, password, and fingerprint. Fingerprint would be easy
enough. While I mention Sophos, I suspect other AV products have the
features, too.

If I was to add the app lock feature with biometric authentication
(fingerprint sensor), I'd go back to Sophos Intercept X Mobile than use
an app whose primary function is just to provide app locking. Sophos
had no ads, and why I used it versus others that had ads (e.g., Avast).
App Lock is adware.

Unfortunately Google doesn't provide a search filter that eliminates all
apps that are "ad supported", "contains ad", "offers in-app purchases"
(euphemisms for adware).

Alan <nuh-uh@nope.com> wrote:
> On 2023-02-27 16:21, Chris wrote:
>> Alan <nuh-uh@nope.com> wrote:
>>> On 2023-02-27 14:40, Chris wrote:
>>>> sms <scharf.steven@geemail.com> wrote:
>>>>> Biometric Protection of Individual Apps
>>>>>
>>>>> “Snatch and grab” of mobile phones is a big problem in some areas. If
>>>>> the phone screen is locked then the risk of someone being able to access
>>>>> sensitive applications, like banking and shopping apps, is pretty low.
>>>>> But one type of snatch and grab is someone running or cycling past
>>>>> someone that is talking on their phone, or looking at maps or a web
>>>>> site, and grabbing an unlocked device. This opens up the possibility of
>>>>> substantial financial losses. See “Woman had $10,000 taken from bank
>>>>> account minutes after iPhone stolen” at
>>>>> <https://finance.yahoo.com/news/woman-got-locked-her-apple-163000848.html>.
>>>>
>>>> Why did she not use lost mode?
>>>
>>> She DID.
>>>
>>> Please read the article before you reply:
>>>
>>> 'Ayas said she was very frustrated at Apple continually asking: "Have
>>> you tried 'Find My iPhone?'"
>>
>> That's not the same thing. If that's meant to mean lost mode then that's
>> very poor reporting.
>
> Using "Find My" is the first step in putting an iOS device into lost
> mode, you simpleton:

Find My does more than just enable lost mode. The correct question is "have
you enabled lost mode?" Just asking about Find My does not guarantee use of
lost mode. You're making an assumption, you ass.

>
> 'Mark a device as lost in Find My on iPhone
>
> Mark a device as lost
>
> If your device is lost or stolen, you can turn on Lost Mode (for your
> iPhone, iPad, iPod touch, Apple Watch, supported AirPods, or iPhone
> Wallet with MagSafe), or lock your Mac.
>
> Tap Devices at the bottom of the screen, then tap the name of the lost
> device.'
>
> <https://support.apple.com/en-ca/guide/iphone/iph7cc193cfc/ios>
>
> Do you see what the first step there is, sunshine?

That's pretty useless guide for someone who's had their phone stolen.

nospam <nospam@nospam.invalid> wrote:
> In article <ttjbgm$3cbvr$1@dont-email.me>, Chris <ithinkiam@gmail.com>
> wrote:
>
>> I honestly cannot see how someone can lose thousands simply by having their
>> phone stolen. They must have turned off several security features. Which,
>> of course, they'll never admit to.
>
> the most common way is to start resetting passwords at the various
> banks and other companies,

Except all bank apps have additional security - faceid or a PIN - so a
thief won't be able to get in and change stuff.

On 27 Feb 2023 at 8:26:28 PM, sms <scharf.steven@geemail.com> wrote:

> Biometric Protection of Individual Apps
>
> "Snatch and grab" of mobile phones is a big problem in some areas. If
> the phone screen is locked then the risk of someone being able to access
> sensitive applications, like banking and shopping apps, is pretty low.
> But one type of snatch and grab is someone running or cycling past
> someone that is talking on their phone, or looking at maps or a web
> site, and grabbing an unlocked device. This opens up the possibility of
> substantial financial losses. See "Woman had $10,000 taken from bank
> account minutes after iPhone stolen" at
> <https://finance.yahoo.com/news/woman-got-locked-her-apple-163000848.html>.
>
> For most banking apps, you usually will need a separate passcode or
> biometrics to get to a screen where it then uses 2FA (the 2FA is
> essentially worthless of course because the SMS comes to the unlocked
> phone), but you'd need to enter the passcode to even get to the point
> where 2FA is sent.
>
> What's needed is the ability to individually require biometrics, or a
> PIN, to open certain apps even when the phone screen is already unlocked.
>
> For Samsung Galaxy phones, this feature is built in, using "Secure
> Folder." Other Android device manufacturers with this feature are Asus,
> Huawei, Honor, OnePlus, Redmi, and Xiaomi (see How to lock apps on your
> Android phone to prevent unauthorized access
> <https://www.xda-developers.com/how-to-lock-apps-on-your-android-phone/>).
> Motorola, Google Pixel, Sony, and other Android devices do not have
> this feature built in.
>
> There are Android Apps like "AppLock"
> <https://play.google.com/store/apps/details?id=com.domobile.applockwatcher>
> which provide the same type of protection. Another way to achieve this
> capability, without the need for an app, is to create a separate
> Android user profile that contains apps that require additional security
> (bank accounts, shopping, etc.).
>
> Unfortunately, as "Learn how to passcode protect individual Android
> apps" states: "Unfortunately, Apple lags behind Android in this regard.
> Sure, you can lock your iPhone or iPad by setting a passcode or taking
> advantage of Touch ID and Face ID. Although some apps like Whatsapp have
> built-in lock mechanisms, Apple doesn't offer any native feature that
> lets you lock apps." Also, unlike Android, iOS doesn't yet allow
> multiple user accounts on one device so you can't use that method either
> (Apple does allow multiple accounts on iPads sold into the education
> market).
>
> For jailbroken iPhones there's the "BioProtect XS" Tweak which provides
> biometric protection for individual apps but of course you have to
> jailbreak your device to use that tweak.
>
> I have added this information to the document "52 iOS & iPhone Features
> Which [many] Android Users Wish they Had and 213 Android & Android
> Phone Features Which [many] iOS Users Wish they Had" at
> <https://docs.google.com/document/d/1JznrWfGJDA8CYVfjSnPTwfVy8-gAC0kPyaApuJTcUNE/>
> in 215a on page 104.

My Asus does all this without needing me to log into any Asus account.
But the Samsung method seems to require something called a Galaxy account.
Which of the methods you've described work w/o requiring any login account?
--
Cheers, Rob

nospam wrote:

> note that this only happens in the ghettos, as our astute adult has
> explained.

Most people always do _exactly_ what MARKETING feeds them to do, nospam.

Instead, *I use an intelligent approach to security*, nospam.

I don't live in the ghetto like you do and hence I'm not afraid of someone
snatching my phone out of my hands, or of my wife & kids using my phone.

*You apparently do not use an intelligent approach to security*

However, I care about threats, nospam... but I'm intelligent enough to
realize the bigger threat is _not_ physical access to my phone, nospam.

*The bigger threat is Internet access.*

Hence, if, perchance, I lose my phone, I've already utilized _adult_
processes, ahead of time, where needed, to protect any sensitive info.

If I lose my (free) Samsung Galaxy A32-5G, I simply lose the phone.

*If I lose the phone, I lose nothing but the physical phone itself.*

Any sensitive data such as medical and identifying data is encrypted.
There are no logins on the phone for the finder to log into, nospam.

*Sage consideration of threats is what intelligent adults do.*

Please try to comprehend the wisdom of what I've said before responding.
--
Posted out of the goodness of my heart to disseminate useful information
which, in this case, is to explain to nospam an intelligent approach.

On Mon, 27 Feb 2023 20:35:35 -0600, VanguardLH wrote:

> Unfortunately Google doesn't provide a search filter that eliminates all
> apps that are "ad supported", "contains ad", "offers in-app purchases"
> (euphemisms for adware).

When I search for an app from Android, I turn on the filter to remove "ad
supported" apps but I don't see a filter for "offers in-app purchases".

I just ran a search from my phone for "app lock" with two of the built-in
app search filters turned on to remove "apps with ads" and "paid" apps.

This search was also set for "API 31" and above, and resulted in these.
NordPass Password Manager
https://play.google.com/store/apps/details?id=com.nordpass.android.app.password.manager

Norton App Lock
https://play.google.com/store/apps/details?id=com.symantec.applock

WOT Mobile Security Protection
https://play.google.com/store/apps/details?id=com.wot.security

Private Zone - AppLock, Video
https://play.google.com/store/apps/details?id=com.htwk.privatezone

I'm not trying to proffer those apps but just telling you that if you know
how, you can filter on those two criteria (and a few more) from the phone.

However I agree with you that I don't know why they don't supply a built-in
"in-app purchases" filter option to also ignore apps with that feature.
--
[I filter out all Google Groups posts so if I don't reply, that may be why]

In article <ttkbhr$3i3k4$1@dont-email.me>, Chris <ithinkiam@gmail.com>
wrote:

> >> I honestly cannot see how someone can lose thousands simply by having their
> >> phone stolen. They must have turned off several security features. Which,
> >> of course, they'll never admit to.
> >
> > the most common way is to start resetting passwords at the various
> > banks and other companies,
>
> Except all bank apps have additional security - faceid or a PIN - so a
> thief won't be able to get in and change stuff.

face id/touch id is optional. a username/password is always available,
which has just been reset and the new info has been sent to the thief.

On 27 Feb 2023 at 8:26:28 PM, sms <scharf.steven@geemail.com> wrote:

> I have added this information to the document "52 iOS & iPhone Features
> Which [many] Android Users Wish they Had and 213 Android & Android
> Phone Features Which [many] iOS Users Wish they Had" at
> <https://docs.google.com/document/d/1JznrWfGJDA8CYVfjSnPTwfVy8-gAC0kPyaApuJTcUNE/>
> in 215a on page 104.

It's actually 187a on page 92 of the document (and it's 212 Android
feature). I had it in there already, but with less data, I updated 187a.

nospam <nospam@nospam.invalid> wrote:
> In article <ttkbhr$3i3k4$1@dont-email.me>, Chris <ithinkiam@gmail.com>
> wrote:
>
>>>> I honestly cannot see how someone can lose thousands simply by having their
>>>> phone stolen. They must have turned off several security features. Which,
>>>> of course, they'll never admit to.
>>>
>>> the most common way is to start resetting passwords at the various
>>> banks and other companies,
>>
>> Except all bank apps have additional security - faceid or a PIN - so a
>> thief won't be able to get in and change stuff.
>
> face id/touch id is optional.

Right so the user has disabled a security feature.

> a username/password is always available,

Nope. A PIN is the fallback in a banking app here.

After the PIN there may be an option to reset, but how does the thief know
the username/password? Plus any other memorable information required for a
reset?

> which has just been reset and the new info has been sent to the thief.

I mean, if banks allow a simple reset of a password without additional
security checks then they and their customers deserve losing money.

Michael <michael@spamcop.com> wrote:

> VanguardLH wrote:
>
>> Unfortunately Google doesn't provide a search filter that eliminates
>> all apps that are "ad supported", "contains ad", "offers in-app
>> purchases" (euphemisms for adware).
>
> When I search for an app from Android, I turn on the filter to remove
> "ad supported" apps but I don't see a filter for "offers in-app
> purchases".

I remember seeing that option in the past. I don't see it now.

> I just ran a search from my phone for "app lock" with two of the
> built-in app search filters turned on to remove "apps with ads" and
> "paid" apps.

I tried both my Windows desktop PC (using Firefox, and Edge which became
a Chrome variant) and my smartphone (using Firefox, Google Asst which
dumped me into the Play Store app, and Chrome). No filters.

> This search was also set for "API 31" and above,

I also see no option for selecting the "API" level.

> NordPass Password Manager
> https://play.google.com/store/apps/details?id=com.nordpass.android.app.password.manager

A password manager. No mention of app locking. Mentions biometric auth
on to their vault, but protecting password access is not the same as
protecting apps, especially since many don't require a password to load.

> Norton App Lock
> https://play.google.com/store/apps/details?id=com.symantec.applock

No mention of biometrics. Just another [master] password or pattern
lock. If I had to keep entering passwords or run my finger around the
screen every time I wanted to use an app, it would be a short time when
I got rid of the app locker.

> WOT Mobile Security Protection
> https://play.google.com/store/apps/details?id=com.wot.security

"Add a password to any app". No biometrics for easy of use.

> Private Zone - AppLock, Video
> https://play.google.com/store/apps/details?id=com.htwk.privatezone

Supports fingerprint for biometric auth.

> I'm not trying to proffer those apps but just telling you that if you know
> how, you can filter on those two criteria (and a few more) from the phone.

Too bad I don't see any filter choices. In fact, after doing a search
(using Play Store app on phone), there is a "Premium" button to show me
the payware apps.

> However I agree with you that I don't know why they don't supply a
> built-in "in-app purchases" filter option to also ignore apps with
> that feature.

I wish they also offered me a ad-sponsored filter, like what you get.

On 2/28/2023 8:20 AM, VanguardLH wrote:

<snip>

> I wish they also offered me a ad-sponsored filter, like what you get.

They could also provide a filter for "ad-free version available for
$xx." For many apps people would be happy to pay for an ad-free version
once they have determined that the app works and is useful.

If it's an app that doesn't require network access, and uses network
access only for serving up ads (many standalone games do this), on
Android you can prevent the app from having any network access. on iOS
you can prevent mobile data access but can't prevent it from having
Wi-Fi access (unless you jailbreak and use a tweak like "Conditional"
<https://ioshacker.com/cydia/conditional-tweak-lets-you-choose-which-apps-can-access-wi-fi-and-cellular-data>.

In article <ttl1ks$3kb0r$1@dont-email.me>, Chris <ithinkiam@gmail.com>
wrote:

> >>>> I honestly cannot see how someone can lose thousands simply by having
> >>>> their
> >>>> phone stolen. They must have turned off several security features. Which,
> >>>> of course, they'll never admit to.
> >>>
> >>> the most common way is to start resetting passwords at the various
> >>> banks and other companies,
> >>
> >> Except all bank apps have additional security - faceid or a PIN - so a
> >> thief won't be able to get in and change stuff.
> >
> > face id/touch id is optional.
>
> Right so the user has disabled a security feature.

nothing is disabled.

the app offers biometrics as a convenience but the user can still use a
password in the event biometrics doesn't work, which it won't for a
thief.

> > a username/password is always available,
>
> Nope. A PIN is the fallback in a banking app here.

yes, it's a fallback.

> After the PIN there may be an option to reset, but how does the thief know
> the username/password? Plus any other memorable information required for a
> reset?

they don't need to know anything. they contact the bank, confirmation
of the change is sent to the phone via text or email, and the thief,
who has said phone, confirms it. the bank doesn't know that the phone
was just stolen and someone other than the legitimate owner is in
control.

> > which has just been reset and the new info has been sent to the thief.
>
> I mean, if banks allow a simple reset of a password without additional
> security checks then they and their customers deserve losing money.

most banks have *horrible* security.

some banks use voiceprints, which was never a good idea even before the
event below. it's just a lot easier now.

<https://www.vice.com/en/article/dy7axa/how-i-broke-into-a-bank-account-
with-an-ai-generated-voice>
Banks in the U.S. and Europe tout voice ID as a secure way to log
into your account. I proved it's possible to trick such systems with
free or cheap AI-generated voices.

On 2023-02-27 23:43, Chris wrote:
> Alan <nuh-uh@nope.com> wrote:
>> On 2023-02-27 16:21, Chris wrote:
>>> Alan <nuh-uh@nope.com> wrote:
>>>> On 2023-02-27 14:40, Chris wrote:
>>>>> sms <scharf.steven@geemail.com> wrote:
>>>>>> Biometric Protection of Individual Apps
>>>>>>
>>>>>> “Snatch and grab” of mobile phones is a big problem in some areas. If
>>>>>> the phone screen is locked then the risk of someone being able to access
>>>>>> sensitive applications, like banking and shopping apps, is pretty low.
>>>>>> But one type of snatch and grab is someone running or cycling past
>>>>>> someone that is talking on their phone, or looking at maps or a web
>>>>>> site, and grabbing an unlocked device. This opens up the possibility of
>>>>>> substantial financial losses. See “Woman had $10,000 taken from bank
>>>>>> account minutes after iPhone stolen” at
>>>>>> <https://finance.yahoo.com/news/woman-got-locked-her-apple-163000848.html>.
>>>>>
>>>>> Why did she not use lost mode?
>>>>
>>>> She DID.
>>>>
>>>> Please read the article before you reply:
>>>>
>>>> 'Ayas said she was very frustrated at Apple continually asking: "Have
>>>> you tried 'Find My iPhone?'"
>>>
>>> That's not the same thing. If that's meant to mean lost mode then that's
>>> very poor reporting.
>>
>> Using "Find My" is the first step in putting an iOS device into lost
>> mode, you simpleton:
>
> Find My does more than just enable lost mode. The correct question is "have
> you enabled lost mode?" Just asking about Find My does not guarantee use of
> lost mode. You're making an assumption, you ass.

You still didn't read, asshole:

'However, Ayas said she'd already been locked out of her Apple account
by that time. "I didn't know what was going on," she told Insider.'

Once you've been locked out of your AppleID, you can't go on to the next
steps, dickhead.

>
>>
>> 'Mark a device as lost in Find My on iPhone
>>
>> Mark a device as lost
>>
>> If your device is lost or stolen, you can turn on Lost Mode (for your
>> iPhone, iPad, iPod touch, Apple Watch, supported AirPods, or iPhone
>> Wallet with MagSafe), or lock your Mac.
>>
>> Tap Devices at the bottom of the screen, then tap the name of the lost
>> device.'
>>
>> <https://support.apple.com/en-ca/guide/iphone/iph7cc193cfc/ios>
>>
>> Do you see what the first step there is, sunshine?
>
> That's pretty useless guide for someone who's had their phone stolen.
>

<https://www.icloud.com/find>

And you can use "Find My" on ANYONE's iOS device to find YOUR devices.

On Tue, 28 Feb 2023 10:20:45 -0600, VanguardLH wrote:

> I remember seeing that option in the past. I don't see it now.

My app search is set, by default, to search only for free apps with no ads.

> I tried both my Windows desktop PC (using Firefox, and Edge which became
> a Chrome variant) and my smartphone (using Firefox, Google Asst which
> dumped me into the Play Store app, and Chrome). No filters.

My search has a button for "persistent filter" so that if you tweak the
settings, you can decide if you want them to be permanent or to be reset.

>> This search was also set for "API 31" and above,
>
> I also see no option for selecting the "API" level.

It's there.
But it's on a different setting page than the typical normal filters.
That's probably why you don't see the options I can see.

For example, you can even set the filter to spoof your phone to a Pixel
(if it's not already a Pixel, of course) and it will show only Pixel apps.

> A password manager. No mention of app locking. Mentions biometric auth
> on to their vault, but protecting password access is not the same as
> protecting apps, especially since many don't require a password to load.

I wasn't selling you on those apps. I was just telling you that when you
set the filter to search for apps with no ads and apps that are free, those
popped up. A few others popped up too but I didn't check any of them out.

> No mention of biometrics. Just another [master] password or pattern
> lock. If I had to keep entering passwords or run my finger around the
> screen every time I wanted to use an app, it would be a short time when
> I got rid of the app locker.

I could have searched on more terms but I only searched for "app lock" but
you can add any search terms you like (eg you can add "fingerprint" to it).

> "Add a password to any app". No biometrics for easy of use.
> Supports fingerprint for biometric auth.

When I added biometrics to the search, more apps showed up like this one.

App Lock - Secure Your Apps
https://play.google.com/store/apps/details?id=com.systweak.applocker

> Too bad I don't see any filter choices. In fact, after doing a search
> (using Play Store app on phone), there is a "Premium" button to show me
> the payware apps.

I always have the payware filter on so no payware ever shows up but I agree
with you that I wish for a filter to filter out "in app purchase" apps.

> I wish they also offered me a ad-sponsored filter, like what you get.

Why don't you just download the search engine to your phone & try it?
https://auroraoss.com/
--
[I filter out all Google Groups posts so if I don't reply, that may be why]

sms <scharf.steven@geemail.com> wrote:

> VanguardLH wrote:
>
>> I wish they also offered me a ad-sponsored filter, like what you get.
>
> They could also provide a filter for "ad-free version available for
> $xx." For many apps people would be happy to pay for an ad-free version
> once they have determined that the app works and is useful.

That would be handy; however, a lot of app authors make more revenue
from showing ads in their apps than trying to sell their app. Ad
revenue exceeds sales revenue, so their inclined to never provide an
ad-free version of their app.

I ran into a couple of those. I liked the app, was willing to dole a
buck, or two, to get an ad-free version, but there was no ad-free
version. Dumped the app.

nospam <nospam@nospam.invalid> wrote:
> In article <ttl1ks$3kb0r$1@dont-email.me>, Chris <ithinkiam@gmail.com>
> wrote:
>
>>>>>> I honestly cannot see how someone can lose thousands simply by having
>>>>>> their
>>>>>> phone stolen. They must have turned off several security features. Which,
>>>>>> of course, they'll never admit to.
>>>>>
>>>>> the most common way is to start resetting passwords at the various
>>>>> banks and other companies,
>>>>
>>>> Except all bank apps have additional security - faceid or a PIN - so a
>>>> thief won't be able to get in and change stuff.
>>>
>>> face id/touch id is optional.
>>
>> Right so the user has disabled a security feature.
>
> nothing is disabled.
>
> the app offers biometrics as a convenience but the user can still use a
> password in the event biometrics doesn't work, which it won't for a
> thief.
>
>>> a username/password is always available,
>>
>> Nope. A PIN is the fallback in a banking app here.
>
> yes, it's a fallback.
>
>> After the PIN there may be an option to reset, but how does the thief know
>> the username/password? Plus any other memorable information required for a
>> reset?
>
> they don't need to know anything. they contact the bank, confirmation
> of the change is sent to the phone via text or email, and the thief,
> who has said phone, confirms it.

Who is "they"? If it's the thief how do they persuade the bank to reset? If
it's not the thief, so what? The thief has confirmation that a reset has
occurred but no actual information. Or banks send out passwords in plain
text emails?!

> the bank doesn't know that the phone
> was just stolen and someone other than the legitimate owner is in
> control.

Right. Which is why banks need random "customers" to confirm who they are
via series of a challenge-response questions.

>
>>> which has just been reset and the new info has been sent to the thief.
>>
>> I mean, if banks allow a simple reset of a password without additional
>> security checks then they and their customers deserve losing money.
>
> most banks have *horrible* security.

I can believe that in the US.

> some banks use voiceprints, which was never a good idea even before the
> event below. it's just a lot easier now.

That's not what we're talking about here.

>
> <https://www.vice.com/en/article/dy7axa/how-i-broke-into-a-bank-account-
> with-an-ai-generated-voice>
> Banks in the U.S. and Europe tout voice ID as a secure way to log
> into your account. I proved it's possible to trick such systems with
> free or cheap AI-generated voices.
>

Michael <michael@spamcop.com> wrote:

> On Tue, 28 Feb 2023 10:20:45 -0600, VanguardLH wrote:
>
>> I remember seeing that option in the past. I don't see it now.
>
> My app search is set, by default, to search only for free apps with no ads.
>
>> I tried both my Windows desktop PC (using Firefox, and Edge which became
>> a Chrome variant) and my smartphone (using Firefox, Google Asst which
>> dumped me into the Play Store app, and Chrome). No filters.
>
> My search has a button for "persistent filter" so that if you tweak the
> settings, you can decide if you want them to be permanent or to be reset.
>
>>> This search was also set for "API 31" and above,
>>
>> I also see no option for selecting the "API" level.
>
> It's there.
> But it's on a different setting page than the typical normal filters.
> That's probably why you don't see the options I can see.
>
> For example, you can even set the filter to spoof your phone to a Pixel
> (if it's not already a Pixel, of course) and it will show only Pixel apps.
>
>> A password manager. No mention of app locking. Mentions biometric auth
>> on to their vault, but protecting password access is not the same as
>> protecting apps, especially since many don't require a password to load.
>
> I wasn't selling you on those apps. I was just telling you that when you
> set the filter to search for apps with no ads and apps that are free, those
> popped up. A few others popped up too but I didn't check any of them out.
>
>> No mention of biometrics. Just another [master] password or pattern
>> lock. If I had to keep entering passwords or run my finger around the
>> screen every time I wanted to use an app, it would be a short time when
>> I got rid of the app locker.
>
> I could have searched on more terms but I only searched for "app lock" but
> you can add any search terms you like (eg you can add "fingerprint" to it).
>
>> "Add a password to any app". No biometrics for easy of use.
>> Supports fingerprint for biometric auth.
>
> When I added biometrics to the search, more apps showed up like this one.
>
> App Lock - Secure Your Apps
> https://play.google.com/store/apps/details?id=com.systweak.applocker
>
>> Too bad I don't see any filter choices. In fact, after doing a search
>> (using Play Store app on phone), there is a "Premium" button to show me
>> the payware apps.
>
> I always have the payware filter on so no payware ever shows up but I agree
> with you that I wish for a filter to filter out "in app purchase" apps.
>
>> I wish they also offered me a ad-sponsored filter, like what you get.
>
> Why don't you just download the search engine to your phone & try it?
> https://auroraoss.com/

One, looks like you are logged into a Google account in order to
establish your settings, and have them remembered on your next visit.

Two, I was using the search box at play.google.com, not some 3rd-party
search engine which you didn't divulge until now. I use Startpage as
the default search engine in Firefox, so I'm not using Google (well,
Startpage submits the search criteria to Google, but blocks the
tracking). I'm not sure I want to substitute Google's Play Store web
page for searching for apps.

Thanks for the suggestion of using Aurora, but I'll pass on that. Wish
you had mentioned you were using a different front-end to Google's Play
Store search which would've eliminated me hunting around for options
that aren't available.