1

So, i`m trying to check from my application if my device has any type of protection when user tries to unlock it. What it means. I need to know if device could be unlocked without graphical (numeric) key for mobile devices. For desktop devices in I need to know if current user has password. Is it possible in general for both cases (mobile and PC)?

user2106927
  • 13
  • 2
  • I have no idea, but it feels like it would be a security concern to give an application information about the security of the device. – dckuehn Sep 22 '16 at 15:46
  • 1
    @dckuehn: *"it feels like it would be a security concern to give an application information about the security of the device"* - How exactly? Would you also have concerns accessing a resource over *https*, just because that protocol openly admits the precise protocol of it's security implementation? Would you have concerns telling someone, that you need a PIN to get money from an ATM? Would you feel uneasy when telling your friends, that you have to use a login and password to access your mail account? – IInspectable Sep 22 '16 at 15:56
  • For the ATM example, if there were options other than a PIN, I might not want to tell someone I've chosen to use a PIN over other types of security. Same for the email example. But if I give my phone to someone I don't trust and I tell them that I use a pattern instead of a password, I would be uncomfortable. That doesn't make a huge amount of sense because they'd likely figure that out just turning on the device, but if my distrust friend is an application, I think the example holds water. – dckuehn Sep 22 '16 at 16:30
  • @IInspectable if I tell someone that my computer is encrypted with a PIN instead of a password, yes I'd be uncomfortable. The examples you mentioned don't tend to have other options for security. – dckuehn Sep 22 '16 at 16:31
  • @dckuehn: That's not what the OP is after, though. They just want to know, whether the device is secured by certain authentication implementations. – IInspectable Sep 22 '16 at 16:34
  • @dckuehn @IInspectable I`ve found similar Android issue and is has solution. Please look at http://stackoverflow.com/questions/7768879/check-whether-lock-was-enabled-or-not – user2106927 Sep 22 '16 at 16:38
  • To be clear, I have absolutely no official training in security, so I don't really know what I'm talking about. It just felt off, but the other answer seems to be clear that what OP is after is possible. – dckuehn Sep 22 '16 at 16:41
  • If you do read the answers to that Android question, you'll quickly find out, that most of them use undocumented implementation details, and few seem to work with Android 6.0. And that's a different platform anyway, so it has no bearing on UWP. – IInspectable Sep 22 '16 at 17:39

1 Answers1

0

On PC seems there is no method to detect if a password is set for the user account, but there is method to check if a Pin is set using KeyCredentialManager.IsSupportedAsync | isSupportedAsync method, you can check the official KeyCredentialManager sample, the PassportAvailableCheck() method in the SignIn.xaml.cs file.

For PC, Pin is a higher level security, it can be set only if a password is set and there could have other security policies. On mobile there is no password, if a Pin is set, it can be detected.

This topic belongs to the Security part of UWP apps, here are some good documents for example Create a Microsoft Passport login app, Fingerprint biometrics. They may not be able to fully solve your problem, but you can see what we can do and not be able to do in UWP app from these documents.

Grace Feng
  • 16,564
  • 2
  • 22
  • 45
  • Hi Grace, I'm interested in setting a Device lock PIN, the same you can set via `Settings \ Accounts \ Sign-in Options \ Set a PIN` for users in my domain on a special network segment (I understand all the reasons why one shouldn't do this). Is there an API which handles setting the PIN? I know I can control the password but haven't found any way to control the PIN. – FoxDeploy Mar 07 '17 at 19:34