1.20 Ensure 'Ask for unlock pattern/PIN/password before unpinning' is set to Enabled

Information

Unpinning should require re-authentication.

Rationale:

Your might lend your device to a friend or anyone else for carrying out a single task such as
make an emergency phone call or play a game. You should use screen pinning in such a
situation. It locks the users to the particular screen that you handed over the device with.
Users cannot use the device outside of that application until the screen is unpinned.
Unpinning screen should require re-authentication.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Follow the below steps to enable Ask for pattern/PIN/password before unpinning:

1. Tap the Settings Gear Icon.
2. Tap Security & Location.
3. Tap Screen pinning.
4. If you are using Screen Pinning, then toggle Ask for pattern/PIN/password
before unpinning setting to On position.

Impact:

None

Default Value:

By default, if you enable Screen pinning, then Ask for pattern/PIN/password before
unpinning setting is also enabled if you have previously chosen to lock your device with a
pattern, PIN or password. If you have previously chosen to not lock your device, you would
be required to set it up by tapping Lock device when unpinning after enabling Screen
pinning.

See Also

https://workbench.cisecurity.org/files/2076