[IMPROVEMENT] Warn when exporting SRP #3547
Conversation
|
CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes. |
andreahaku
added
Code Impact - Medium
andreahaku
changed the title
andreahaku
force-pushed
the
feature/reveal_srp_ui_update
branch
from
ffbb950 to
c65dec6
Compare
andreahaku
added
needs-qa
plasmacorral
removed
the
needs-qa
plasmacorral
added
QA in Progress
Is 9. still a problem? |
There was a problem hiding this comment.
Tap and hold to reveal functionality is not currently working on android. I have directly shared state logs and an android bug report. On iOS the button can be tapped and held to reveal SRP.
Will pause further QA tests until there are some changes made for the android build.
plasmacorral
added
QA'd - Issues Found
plasmacorral
added
QA in Progress
Yes. Its a problem in that the expectation is set for the user that the clipboard will be purged after 60 seconds, but that is still not happening. There is suspicion that this may be a limitation within android and if that's the case, we will at least need a copy update before this can be merged. @andreahaku is planning to investigate this further and will advise on our path forward. |
plasmacorral
added
QA'd - Issues Found
There was a problem hiding this comment.
Can confirm that (2) is addressed and functioning on both iOS and Android.
(9) is still a concern that I would not approve merging in the current state. For android devices we wither need to adjust the copy to remove the 60 second clipboard purge, or figure out how to make it more effective. I can still copy/paste well after 60 seconds.
I am still experiencing (3) sporadically. I suspect that it has to do with sensitivity to the position of where the user is touching and holding. If I am slow and deliberate with a consistent pressure, everything seems to work fine. However, if there is variation in the pressure applied or even a slight of shift of the held position, the hold is released even if the finger/stylus is not picked up.
I further explored this after changing Settings>Accessibility>Touch & hold delay. I tested short, medium and long. Changing the settings did not notably change the experience.
As-is, I could accept that I am not executing the "ideal" tap and hold with consistent pressure in the exact same position. However, I am curious if within the app we can adjust the sensitivity for the button and make this more user friendly? If I am aggressive or punchy with my tap, the button does not respond as a (this) user might hope.
Below are footage and recent logs for (3):
https://recordit.co/oziYihVwnm
State logs:
MetaMask State logs - v4.1-1.0 (816).zip
Android bug report:
bugreport-guamna_t-RZAS31.Q2-146-14-5-2022-02-22-17-17-12-1.zip
|
@bschorchit @plasmacorral There's not way to set the "sensibility" for the touch on touchable items on RN. |
Looks good to me! Thanks, Andrea! |
…aMask/metamask-mobile into feature/reveal_srp_ui_update
There was a problem hiding this comment.
Observations 1,2,4,5,7, & 9 have been fixed and verified.
Observation 8 is out of scope for this change
Observation 6 appears throughout the app and is not a blocker here
Observation 3 is something I still occasionally experience, but I believe it to be related to variable position/pressure in the held tap and do not consider it to be a blocker.
With all that said, this is my approval.
plasmacorral
added
QA Passed
Description
Goal: Reduce exposure of SRP.
Intended effect: Users do not share their SRP with phishers/attackers.
User Story: https://www.notion.so/Warn-me-about-risks-when-I-m-exporting-my-seed-phrase-f610550a8c464240a46880b06ebbdc42
Design: https://www.figma.com/file/8z4Csc3wlOIkUz2OP1eTZW/Secure-UX-Improvements?node-id=44%3A1391
Metrics: https://docs.google.com/spreadsheets/d/1hxWnGzJI_8pfa8CwDqqoWAwkzuTyx6AukkmRBl3asC0/edit#gid=1224808665
Checklist
Issue
Resolves #3544