[launcher] Can re-order and un-pin launcher items and launch apps while phone is locked

phablet@ubuntu-phablet:~$ cat /etc/ubuntu-build
40
phablet@ubuntu-phablet:~$ cat /etc/device-build
20140908-d8c11f3

krillin

This is worse that I originally though since you can actually *launch* any app on the launcher without unlocking the phone. You can't see it, but it is running (unlocking confirms this).

You can also re-order the launcher icons.

To start an app:

1) Swipe left to show launcher.
2) Keeping finger down in (1) long press an app icon in the launcher.
3) Remove both fingers from screen.
4) Swipe left to show launcher again.
5) Launcher should remain on screen allowing you to touch an app icon to launch it. See attached.

Note sure if this is also a bug (I think it is), but in testing this, I have inadvertantly managed to delete the system settings icon by moving it. It seems the operation failed as shown in the screenshot.

That failed operation has seemingly corrupted a list somewhere since now touching my gmail icon actually launches system settings (spoofing potential here). Attached screenshot shows this.

I think much of this is by design. The security team doesn't consider launching apps behind the lockscreen a security issue. These apps are subjected to application lifecycle and will not continue running. However, the other behaviors may be bugs-- I'll ask someone to comment.

Added an Ubuntu UX task. Some guidance on how you feel about reordering / un-pinning icons when screen is locked would be nice.

I know we've separately talked about launching apps being acceptable. So I'll adjust bug title to match current open question.

Personally, I'm happy for the lock screen to show date+time but I would prefer everything else to be hidden (or ateast hideable with a system-setting) until the phone is unlocked.

The majority of users may not mind if the notification bar is displayed when the screen is locked (Android does this), but I think it would be prudent to add an option to hide this as some users/customers will prefer to minimise any privacy leakage (particularly if we grow the scope of the notification bar in the future).

Regarding the launcher:

1) What is the use-case for wanting to launch an app when the phone is locked?
2) What is the use-case for wanting to re-order the icons when the phone is locked?

I don't believe users would be happy if either of the above actions could occur on a desktop system, so why allow it on Touch?

If nothing else, allowing such features increases the probability of pocket-dialing-type issues ("I left the phone in state X but now I come to unlock the phone it's mysteriously in state Y. What happened?")

Update to #6: rebooting the phone brought back the original set of icons such that touching system-settings launches the correct app and ditto for gmail.

There is already an option in System Settings (Security & Privacy tab somewhere) that lets you disable the launcher and indicator pulldown. So you can have the locked down experience you want. The question is what is allowed when those options are enabled (as they are by default).

The use case for launching apps from the lockscreen is that as a user, you think "oh I want to go to facebook", click facebook, we start the app in the background so that once you enter your passcode, it's sitting there ready. Again, Design and Security have already talked about this feature and were planning to leave it as is. Please let's not have a title-editing fight over this.

The use case for re-ordering apps is *likely to be* (Design hasn't actually chimed in) that the person doing the re-ordering is overwhelmingly likely to be the owner, rather than some malicious attacker that just loves to re-order your icons.

Ah thanks - didn't know about those options! Disabled both now :-)

> The use case for launching apps from the lockscreen is that as a user, you think "oh I want to go to facebook",
> click facebook, we start the app in the background so that once you enter your passcode, it's sitting there ready.
> Again, Design and Security have already talked about this feature and were planning to leave it as is.
> Please let's not have a title-editing fight over this.

The fact that I raised this bug demonstrates that I was not aware of these discussions. Personally, I cannot see a huge benefit in allowing this behaviour. Maybe if a particular app is very slow to start and/or if a user has a particularly long pass-phrase this could be marginally useful?

But to counter that, what if you have an app that sucks down huge amounts of data on startup and a nefarious user starts the app without your knowledge when you happen to put your phone down for a minute? That would be more than a little annoying if 3G charges applied. It could be argued that the risk of that scenario playing out is small, but nevertheless the potential is there.

> The use case for re-ordering apps is *likely to be* (Design hasn't actually chimed in) that the person doing the
> re-ordering is overwhelmingly likely to be the owner, rather than some malicious attacker that just loves to re-order
> your icons.
Again, I personally don't see that feature as particularly compelling, hence I've turned it off :)

If these features are perceived as generally useful are we planning on introducing them to desktop Ubuntu?

Regardless of whether we decide to leave these features as enabled or not, maybe we should ensure they form part of the initial setup wizard?

Again, I'll let Design chime in properly, but my understanding is that just because the phone UI is one way, doesn't necessarily imply we want the desktop to act the same. There are some fundamentally different use cases (phone is overwhelmingly owned and operated by one person, always on you, etc).

But yeah, let's wait on Design.

unity8 waiting for design -> Incomplete

It is by design that user can launch and reorder apps in the launcher and access indicator menus even if the device is locked. For those users who are concerned about their privacy and security there are settings in the system settings to disable their usage when device is locked.

I don't think there is anything to be done for this bug anymore.