Folks
I am developing a HTML5 mobile app for my company which can action a transaction against someones stored credit card profile. The next stage of the project is to go ‘native’.
I manage (one of the) the security implications of this by expiring the session so if they are away for a while they need to re-login – the usual thing.
My marketing team is insistent that ‘people hate having to login all the time’ and I’ve explained the security implications of doing so. My gut feeling is that since most simple apps keep you logged in people are getting used to being logged in all the time. I’m not going to allow you to stay logged in on a browser.
However – on a phone its different.
I’m certain that a large proportion of people lock their phones – but many dont.
My question is: Do Iphone or Android phones allow you to tell if the user has ‘screen lock’ on, thereby allowing you to rely on that as an added security barrier?
I’m fairly new to Stack Overflow so go easy on me.
For iOS, the short answer is no. Apple does not provide a method that determines whether the user has a passcode set or not.