From edb4907bf5060b29c4035637efe2fe68ef991c03 Mon Sep 17 00:00:00 2001
From: Philipp Crocoll <crocoapps@gmail.com>
Date: Tue, 29 Jul 2025 10:53:02 +0200
Subject: [PATCH] add option to disable QuickUnlock blocking behavior, closes
 #2960

---
 src/keepass2android-app/PasswordActivity.cs            | 10 ++++++----
 src/keepass2android-app/QuickUnlock.cs                 |  2 +-
 src/keepass2android-app/Resources/values/config.xml    |  1 +
 src/keepass2android-app/Resources/values/strings.xml   |  2 ++
 .../Resources/xml/pref_app_quick_unlock.xml            |  8 ++++++++
 src/keepass2android-app/app/App.cs                     |  1 +
 6 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/src/keepass2android-app/PasswordActivity.cs b/src/keepass2android-app/PasswordActivity.cs
index 9cd6d54b..54374e28 100644
--- a/src/keepass2android-app/PasswordActivity.cs
+++ b/src/keepass2android-app/PasswordActivity.cs
@@ -1425,18 +1425,20 @@ namespace keepass2android
 			App.Kp2a.SetQuickUnlockEnabled(cbQuickUnlock.Checked);
             App.Kp2a.ScreenLockWasEnabledWhenOpeningDatabase =
                 (((KeyguardManager)GetSystemService(Context.KeyguardService)!)!).IsDeviceSecure;
+			App.Kp2a.QuickUnlockBlockedWhenDeviceNotSecureWhenOpeningDatabase = PreferenceManager.GetDefaultSharedPreferences(this)
+		        .GetBoolean(GetString(Resource.String.QuickUnlockBlockedWhenDeviceNotSecure_key), true);
 
-            if ((_loadDbFileTask != null) &&  (App.Kp2a.OfflineMode != _loadDbTaskOffline))
+            if ((_loadDbFileTask != null) && (App.Kp2a.OfflineMode != _loadDbTaskOffline))
 			{
-                if (App.Kp2a == null)
+				if (App.Kp2a == null)
 					throw new NullPointerException("App.Kp2a");
 				//keep the loading result if we loaded in online-mode (now offline) and the task is completed
 				if (!App.Kp2a.OfflineMode || !_loadDbFileTask.IsCompleted)
 				{
 					//discard the pre-loading task
-					_loadDbFileTask = null;	
+					_loadDbFileTask = null;
 				}
-				
+
 			}
 
 			//avoid password being visible while loading:
diff --git a/src/keepass2android-app/QuickUnlock.cs b/src/keepass2android-app/QuickUnlock.cs
index 4a8b35fa..dd120953 100644
--- a/src/keepass2android-app/QuickUnlock.cs
+++ b/src/keepass2android-app/QuickUnlock.cs
@@ -175,7 +175,7 @@ namespace keepass2android
                 App.Kp2a.Lock(false);
             };
 
-            if (App.Kp2a.ScreenLockWasEnabledWhenOpeningDatabase == false)
+            if (App.Kp2a.ScreenLockWasEnabledWhenOpeningDatabase == false && App.Kp2a.QuickUnlockBlockedWhenDeviceNotSecureWhenOpeningDatabase)
             {
 				FindViewById(Resource.Id.QuickUnlockForm).Visibility = ViewStates.Gone;
                 FindViewById(Resource.Id.QuickUnlockBlocked).Visibility = ViewStates.Visible;
diff --git a/src/keepass2android-app/Resources/values/config.xml b/src/keepass2android-app/Resources/values/config.xml
index e5c3a97c..30b58fd4 100644
--- a/src/keepass2android-app/Resources/values/config.xml
+++ b/src/keepass2android-app/Resources/values/config.xml
@@ -123,6 +123,7 @@
 	<string name="QuickUnlockLength_default">3</string>
 	<string name="QuickUnlockIconHidden_key">QuickUnlockIconHidden_key</string>
 	<string name="QuickUnlockIconHidden16_key">QuickUnlockIconHidden16_key</string>
+	<string name="QuickUnlockBlockedWhenDeviceNotSecure_key">QuickUnlockBlockedWhenDeviceNotSecure_key</string>
 	
 	<string name="UsageCount_key">UsageCount</string>
 	<string name="LastInfoVersionCode_key">LastInfoVersion</string>
diff --git a/src/keepass2android-app/Resources/values/strings.xml b/src/keepass2android-app/Resources/values/strings.xml
index 6c4f3c87..acea8843 100644
--- a/src/keepass2android-app/Resources/values/strings.xml
+++ b/src/keepass2android-app/Resources/values/strings.xml
@@ -330,6 +330,8 @@
   <string name="QuickUnlockIconHidden_summary">QuickUnlock unfortunately does not work without displaying a notification icon. Select this option to use a transparent icon.</string>
   <string name="QuickUnlockIconHidden16_title">Hide QuickUnlock icon</string>
   <string name="QuickUnlockIconHidden16_summary">QuickUnlock requires a notification to work properly. Select this option to display a notification without an icon.</string>
+  <string name="QuickUnlockBlockedWhenDeviceNotSecure_summary">Block entering the QuickUnlock key if the device is not secured by screen lock. This prevents shoulder surfing attacks. Only disable this option if you understand the risk. Note that QuickUnlock can still be used with biometrics.</string>
+  <string name="QuickUnlockBlockedWhenDeviceNotSecure_title">Block QuickUnlock when device is not secure</string>
   <string name="QuickUnlockLength_title">Length of QuickUnlock key</string>
   <string name="QuickUnlockLength_summary">Maximum number of characters used as QuickUnlock password.</string>
   <string name="QuickUnlockHideLength_title">Hide QuickUnlock length</string>
diff --git a/src/keepass2android-app/Resources/xml/pref_app_quick_unlock.xml b/src/keepass2android-app/Resources/xml/pref_app_quick_unlock.xml
index 5c676c5f..dedab5e0 100644
--- a/src/keepass2android-app/Resources/xml/pref_app_quick_unlock.xml
+++ b/src/keepass2android-app/Resources/xml/pref_app_quick_unlock.xml
@@ -26,6 +26,14 @@
 		android:defaultValue="false"
 		android:title="@string/QuickUnlockIconHidden_title"
 		android:key="@string/QuickUnlockIconHidden_key" />
+	<CheckBoxPreference
+		android:enabled="true"
+		android:persistent="true"
+		android:summary="@string/QuickUnlockBlockedWhenDeviceNotSecure_summary"
+		android:defaultValue="true"
+		android:title="@string/QuickUnlockBlockedWhenDeviceNotSecure_title"
+		android:key="@string/QuickUnlockBlockedWhenDeviceNotSecure_key" />
+
 	<CheckBoxPreference
 		android:enabled="true"
 		android:persistent="true"
diff --git a/src/keepass2android-app/app/App.cs b/src/keepass2android-app/app/App.cs
index db78a794..23c45362 100644
--- a/src/keepass2android-app/app/App.cs
+++ b/src/keepass2android-app/app/App.cs
@@ -352,6 +352,7 @@ namespace keepass2android
 		}
 
 		public bool ScreenLockWasEnabledWhenOpeningDatabase { get; set; }
+		public bool QuickUnlockBlockedWhenDeviceNotSecureWhenOpeningDatabase { get; set; }
 
 
         public bool QuickUnlockEnabled { get; private set; }