I followed up to look for a trustworthy app lock app for Android. Among all the options on the Play Store, the most trustworthy name to me seems to be Norton App Lock (Norton is, after all, a publicly traded Fortune 500 company specializing in security). It’s a free app that does only app locking; inside the app they advertise other Norton services/apps to download, but they don’t force them on you.
The Norton App Lock app requests the following permissions:
1. Device Administrator
2. Accessibility Services
3. Draw over other apps
4. Internet permission (standard for all apps)
5. Camera, contacts, phone, storage
The app won’t work if you deny permission 2 or 3. All the other permissions can be denied/restricted and the app still works (I’d recommend enabling 1 along with 2 and 3, but no others).
Device administrator permission (1) might sound scarier than accessibility services permission (2), but it’s actually the other way around (at least in terms of potential for abuse; accessibility services is a lot worse).
Device administrator permission (1) is used by Norton to help prevent the app from being uninstalled, and in general administrator access can only be used to apply restrictions/policies, not for spying-type activities.
Accessibility services permission (2) is used by the Norton app to help do its job, but in general accessibility services could be used to see everything you do on your phone and to control your phone as if the app developer were holding it in their own hands (it’s a scary permission; be careful with it).
Draw over other apps permission (3) helps Norton App Lock hide the newly launched app, and in general could be used for deception: hiding warnings or tricking you into tapping something you shouldn’t.
Permissions 2 and 3 are intrusive and abuse-able, but again Norton seems trustworthy.
Regarding “permission” 4 (internet access), I disabled internet access for the Norton app (via NetGuard) and the Norton app seems to work fine without accessing the internet.
Regarding the permissions under 5 (camera, contacts, phone, storage), I did not grant any of them and the app works fine.
You can set the app up for a PIN (up to 4 digits), a pattern (not as secure), biometrics, or some combination. I set it up for PIN only. Within the Norton app you select the other apps that will be protected by the PIN (they are all protected by the same PIN). You can set it up so that once the PIN is entered for an app, you can freely keep going into that app until the next screen-off (after which you have to enter the PIN again).
One thing I don’t know (I’m really curious) is how many incorrect attempts result in a lockout. EDIT: experiment showed that after 5 incorrect entries I have to wait 60 seconds before further PIN entries can be attempted.
When you launch a protected app and the PIN screen appears, it plainly says Norton App Lock on that screen (I think that’s a Google requirement), so an attacker is going to know what app is causing the PIN lock and therefore know he has to remove Norton to gain access to his target app. Norton advises including the Settings app among the PIN-protected apps so the attacker can’t get to it (presumably to disable admin access). BUT on my Samsung phone the Settings app is not reliably protected by the Norton PIN (it’s intermittent; sometimes I can get all the way in to disable the Norton admin permission). All the other apps I tried are reliably/consistently protected by the Norton PIN. Maybe there is something unique about the Samsung Settings app that causes this behavior.
On my phone the Norton app is now set up to PIN-protect the following apps: Norton (itself), Settings, Cryptomator, Google Play, file managers, my TOTP app, and my more critical browser (I already segregate my activities among browsers anyway). It’s all the same PIN, so locking more apps doesn’t mean you have to remember more PINs. Arguably my email, text messages, and phone apps are just as important, but I access email/text/phone so often that it would be too inconvenient to PIN-protect those.
I don’t think a separate Android PIN-lock app is as good as a PIN built into the app (it means we have to trust another app, and it has some potential weaknesses, like the Settings app vulnerability in my case). But in the absence of a PIN lock built into the app, it’ll have to do.
I looked for open source options too. The only open source one I found was AppLock on F-Droid, but that appears not to be current/maintained, so I didn’t bother with it.
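An added check for the permission discussion above (example code written for this edit, not code from the post or from Norton): the script below classifies an app's declared permissions into the same groups the post uses, with the three special-access grants (accessibility, device administrator, draw over other apps) listed first because they are switched on in Settings rather than through the normal runtime permission dialog and carry the most abuse potential. It assumes a decoded AndroidManifest.xml as produced by `apktool d app.apk`; accessibility services and device admin receivers are not `<uses-permission>` entries but components guarded by a BIND_* permission, so the manifest is scanned for those components too. The embedded manifest is constructed to mirror the five permission groups listed in the post and is not the real Norton App Lock manifest.

```python
"""Classify an app's permissions into the groups discussed in the post.

Input is a decoded AndroidManifest.xml (e.g. from `apktool d app.apk`).
Special-access grants (accessibility, device admin, draw over other apps)
are the ones to look at first: they are switched on in Settings, not via
the normal runtime permission dialog, and give far more control than a
single dangerous permission does.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ATTR_NAME = "{%s}name" % ANDROID_NS
ATTR_PERMISSION = "{%s}permission" % ANDROID_NS

# Special access. Accessibility and device admin are not <uses-permission>
# entries; they appear as a <service>/<receiver> guarded by the BIND_*
# permission, so components are scanned as well as uses-permission tags.
SPECIAL_ACCESS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE":
        "accessibility service: can observe the screen and inject input",
    "android.permission.BIND_DEVICE_ADMIN":
        "device administrator: can enforce policies and resist uninstall",
    "android.permission.SYSTEM_ALERT_WINDOW":
        "draw over other apps: can overlay or obscure other apps' UI",
}

# Runtime ("dangerous") permissions relevant to the post; not the full list.
DANGEROUS = {
    "android.permission.CAMERA",
    "android.permission.READ_CONTACTS",
    "android.permission.WRITE_CONTACTS",
    "android.permission.READ_PHONE_STATE",
    "android.permission.CALL_PHONE",
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}


def audit_manifest(manifest_xml):
    """Return {'special_access': {perm: why}, 'dangerous': [...], 'normal': [...]}."""
    root = ET.fromstring(manifest_xml)
    requested = [e.get(ATTR_NAME) for e in root.iter("uses-permission")]

    # SYSTEM_ALERT_WINDOW is a uses-permission; the two BIND_* grants are
    # found on components below.
    special = {p: SPECIAL_ACCESS[p] for p in requested if p in SPECIAL_ACCESS}
    for comp in root.iter():
        if comp.tag in ("service", "receiver"):
            guard = comp.get(ATTR_PERMISSION)
            if guard in SPECIAL_ACCESS:
                special[guard] = SPECIAL_ACCESS[guard]

    dangerous = sorted(p for p in requested if p in DANGEROUS)
    normal = sorted(p for p in requested
                    if p not in DANGEROUS and p not in SPECIAL_ACCESS)
    return {"special_access": special, "dangerous": dangerous, "normal": normal}


# Constructed sample manifest mirroring the post's permission list; it is
# an assumption for this example, not the real Norton App Lock manifest.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.applock">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application>
    <service android:name=".LockAccessibilityService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST)
    print("Special access (review first):")
    for perm, why in report["special_access"].items():
        print("  %s\n      %s" % (perm, why))
    print("Dangerous (deny unless the feature needs it):")
    for perm in report["dangerous"]:
        print("  " + perm)
    print("Normal:")
    for perm in report["normal"]:
        print("  " + perm)
```

Run it against the manifest apktool decodes from the APK you actually installed rather than the sample; the special-access list is what decides whether the app can read other apps' screens (accessibility) or keep itself installed (device admin), while the dangerous list is the set you can deny in Settings and then confirm, as the post did, that the app still works without.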