When to show a lock screen (iOS mobile app)
I'm part of a team working for a client on a business iPhone app that has an optional 'passcode lock' feature.
One of the screens shows a list of saved items that may contain sensitive information. If the user enables and sets a passcode lock elsewhere in the app, they will be prompted to enter the passcode when navigating to the list screen.
Once the user has entered their passcode correctly, they would expect not to have to re-enter it until ... when? What actions should trigger the need to re-enter their passcode if they navigate to the list screen again?
- (a) Navigating to a different screen in the app?
- (b) Switching to a different app?
- (c) Locking the phone screen (with or without a device-level passcode lock)?
- (d) Force-quitting the app?
- (e) Restarting the phone?
My guess is that most users would expect all of the above except (a), and that this would represent a good compromise between convenience and security. However, I wondered whether there were any best practice guidelines or research around this kind of situation?
Background Info
Users who don't use the app for sensitive information won't want to lock the app at all, so the feature needs to be optional.
Users who already have a device-level passcode lock on their phone may or may not want an additional lock on the app.
The in-app lock feature has been requested by the client to cater for occasional app users for whom the only sensitive data on their phone would be in this app. Whilst they may want to protect the information in the app, they may not want to have to enter a passcode each time they pick up the phone to make a call or use the phone's web browser, so a device-level passcode lock may not be appropriate for them.