How to change PIN in Secure Settings Pin/Password action from within APP that was exported from tasker.

[Palo B]

I have been struggling to figure out a way to create a app that would allow a user to change the PIN/Password using the Secure Settings Password/Pin action from within a running app that was created using the export to app from within tasker.

 

[Joseph Richman]

I imagine you'd use a scene to set a variable. Now what I don't know is if said variable could be passed to Secure Settings. If you can pass it from Tasker to Secure Settings then the issue is whether or not apps made from tasker can use tasker plugins.  I imagine as long as the app can use plugins then the app could pass the information to Secure Settings as well in the same that Tasker does.

[Palo B]

That is the problem. I can not pass variable to Secure Settings (that I know off) but since the original application runs under tasker, I can easily change the pin directly in the code, but when the app is exported to the executable app, there is no way to change the code.

[Cptnodegard]

10000 If conditions :D

[Joseph Richman]

This would be a Secure Settings issue then. You should talk with the developers of Secure Settings about accepting variables passed to the PIN/PASS option when using Secure Settings.

[Vikesh Dhatterwal]

Sorry, for hijacking this post. But I got stuck and saw this post, so thought you might know the answer.

I can manually set using the plugin config screen, but I wanted to set the PIN using a variable.

On Tuesday, October 22, 2013 at 12:02:13 AM UTC+5:30, Palo B wrote:

I can easily change the pin directly in the code

Can you please show me how to set PIN using code (eg battery percentage two times 8383)?

[John Doe]

Using variables or text is a security hole. First of all on previous android versions it's quite easy to sniff the intents so you could grab the password. Second, you let Tasker know your password. We trust Pent obviously but you could use other "host" apps with the same plugin. In general it's better to keep it secret. Third: if you put your password in a task it could be "shared" when you export a task or project, it's not what you want. It's clear that the password can be encrypted however it's better to avoid to send it in broadcast. Just my two cents.

From Locale guide:

"When saving a plug-in instance, the plug-in Activity MUST NOT store private information—such as login credentials—in EXTRA_BUNDLE. Doing so would constitute a serious security flaw because Android allows any application with the GET_TASKS permission to read the Intent sent by the host to a plug-in Activity through ActivityManager.getRecentTasks(int, int). If a plug-in needs to store login credentials, there are more secure implementations. Remember that each app on Android with a unique digital signature will run in its own sandbox. To improve security of private data, such as usernames and passwords, only minimal information needs to be passed to the host via EXTRA_BUNDLE. For example, consider a hypothetical plug-in setting that posts a Tweet to Twitter. It could store OAuth credentials in a SharedPreference file private to the plug-in and only returns the non-private Tweet message via EXTRA_BUNDLE."