REQUEST: True Application Locker
warhawk007
10-07-2010, 10:28 AM
I have been using applocker for a while....but applocker just hides the shortcuts instead of actually password protecting applications...
In this case, the hidden applications can still be opened some way or the other. For example, if I hide the Conversations application, it can still be opened via the phone application, i.e., click contact and create SMS. This doesn't offer true privacy.
Instead, can an application be developed which runs in the background as a daemon or process...which can trigger a password prompt when a locked application is launched? This is a better solution in terms of privacy as it truly "locks" the selected application from launching in any way, rather than just hiding the application icon from the menu.
Usage scenario: a friend or neighbor borrows your phone....but you don't want them to see your personal data such as your contacts, conversations, e-mails, etc.
A similar application is available for Symbian, Advanced Device Locks.....I hope a previous Symbian user knows this.
So any kind developers here who would create such an application for Maemo??
Also note, the application lock daemon should launch every time on phone boot and should also trigger a password prompt when trying to uninstall..
I hope such an application can be developed. Or maybe if applocker can be modified to run this way.
zimon
10-07-2010, 10:50 AM
To be really secure, it should be based on TrueCrypt or similar.
Having every application installed in its own TrueCrypted virtual disk and (un)mounting them with passwords of groups of passwords.
Edit:
"passwords of groups of passwords."
What I mean by this, is every virtual disk (application) has its own automatically randomly generated strong password. There is an applock-password manager, where one can make any number and combination of groups of passwords and then give some own password for every group.
Also there is one master root-password which would open all passwords in the manager and would give ability to create/modify/destroy groups.
When some group is "opened" with the group-password, then the applock-password-manager would mount the corresponding TrueCrypted virtual disks with the passwords of that group. The system would unmount them optionally with selected timeout or manually.
Actual application binaries and their private resource datafiles are in these crypted virtual disks. In /usr/bin/ there is a softlink to the real program inside the virtual disk:
ln -s /mnt/applock/someapp/usr/bin/someapp /usr/bin/someapp
To be really practical, a package manager should support this system.
Also integrating SELinux or AppArmor to this would not hurt. Every application would really run in its own sandbox and potential trojan horses couldn't mess outside of their sandbox.
Idea (c) GPLv3
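The password hierarchy zimon describes above, sketched as an added example that is not part of the original post and not code from AppLocker or TrueCrypt: every application volume gets a random secret, and each group password (and the master password) can unseal only the secrets assigned to it. The class and function names, the PBKDF2 work factor and the HMAC-based sealing (a stand-in for a real authenticated key wrap) are assumptions; mounting the volume with the recovered secret is left out.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed PBKDF2 work factor; tune for the device


def derive_kek(password: str, salt: bytes) -> bytes:
    """Stretch a human password into a key-encryption key (KEK)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def seal(kek: bytes, app: str, secret: bytes) -> bytes:
    """Stand-in for a key wrap: XOR with an HMAC-derived pad, then MAC."""
    pad = hmac.new(kek, b"pad:" + app.encode(), hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(secret, pad))
    tag = hmac.new(kek, b"tag:" + app.encode() + ct, hashlib.sha256).digest()
    return ct + tag


def unseal(kek: bytes, app: str, blob: bytes) -> bytes:
    ct, tag = blob[:32], blob[32:]
    want = hmac.new(kek, b"tag:" + app.encode() + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong password or corrupted entry")
    pad = hmac.new(kek, b"pad:" + app.encode(), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, pad))


class AppLockManager:
    """Stores only salts and sealed volume secrets, never the passwords."""

    def __init__(self, master_password: str, apps):
        # One random 32-byte secret per application volume.
        self.groups = {}
        self._store("master", master_password,
                    {app: secrets.token_bytes(32) for app in apps})

    def _store(self, name, password, volume_secrets):
        salt = secrets.token_bytes(16)  # fresh salt, so a fresh KEK, per group
        kek = derive_kek(password, salt)
        sealed = {app: seal(kek, app, s) for app, s in volume_secrets.items()}
        self.groups[name] = (salt, sealed)

    def open_group(self, name: str, password: str) -> dict:
        """Return {app: volume secret} for the volumes this group may mount."""
        salt, sealed = self.groups[name]
        kek = derive_kek(password, salt)
        return {app: unseal(kek, app, blob) for app, blob in sealed.items()}

    def create_group(self, master_password, name, group_password, apps):
        if name == "master":
            raise ValueError("reserved group name")
        everything = self.open_group("master", master_password)
        self._store(name, group_password, {a: everything[a] for a in apps})
```
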
warhawk007
10-07-2010, 11:20 AM
To be really secure, it should be based on TrueCrypt or similar.
Having every application installed in its own TrueCrypted virtual disk and (un)mounting them with passwords of group of passwords.
Edit:
"passwords of group of passwords."
What I mean by this, is every virtual disk (application) has its own automatically randomly generated strong password. There is a password manager, where one can make any number and combination of groups of passwords and then give some own password for every group.
Also there is one master root-password which would open all passwords in the manager and would give ability to create/modify/destroy groups.
When some group is "opened" with the group-password, then the password-manager will mount the corresponding TrueCrypted virtual disks. Would unmount them optionally with selected timeout or manually.
Actual application binaries and their private resource datafiles are in these crypted virtual disks. In /usr/bin/ there is a softlink to the real program inside the virtual disk:
ln -s /mnt/applock/someapp/usr/bin/someapp /usr/bin/someapp
To be really practical, a package manager should support this system.
Idea (c) GPLv3
Idea is great, but please note the usage scenario I mentioned; for such a case, encryption isn't really necessary.
Your idea may be useful, for example, when we give the device to a service centre or someone who is an expert in the Maemo command line.
The usage scenario I mentioned are the "common" people who need a "GUI" for everything.
By the way, why isn't there a TrueCrypt application for the N900 (apart from the command-line tool, something with a GUI)? I've heard of the easycrypt frontend for Maemo, but that I believe is for the N8x0 devices.
Idea is great, but please note the usage scenario I mentioned; for such a case, encryption isn't really necessary.
Your idea may be useful, for example, when we give the device to a service centre or someone who is an expert in the Maemo command line.
The usage scenario I mentioned are the "common" people who need a "GUI" for everything.
If application launch dbus signals could be intercepted before they reach their destination (until approved by the locking app), it could be enough to prevent launching an application from the UI... Unless there's an application which calls the binaries directly... or allows defining and running custom shell commands.
It could work for this purpose, but it definitely could not be called secure.
zimon
10-07-2010, 11:31 AM
The usage scenario I mentioned are the "common" people who need a "GUI" for everything.
Never underestimate the "common" people.
The famous "script kiddies" are those "common" people also, and all those owners of zombie bots in the DDOS-botnetworks.
warhawk007
10-07-2010, 11:50 AM
Never underestimate the "common" people.
The famous "script kiddies" are those "common" people also, and all those owners of zombie bots in the DDOS-botnetworks.
:-) I'm not underestimating common people.....I was referring to the particular scenario.....a person in your vicinity who borrows the phone, for example, a friend or neighbor who borrows our phone to listen to music, but gets a bit curious or "nosey" and tries to peek into our conversations or emails. And that's when the hidden background process identifies that a protected application is being opened and prompts the user to enter a password to "open" the particular application, the password which our nosey friend doesn't know.
This is the basic requirement. But what app locker does is simply hide the shortcut to the selected application from the menu, and it isn't even aware of whether the application is opened or not.
I hope you got my point. This is the most basic requirement. A hidden daemon which runs in the background and identifies when a protected application is being opened and triggers a password prompt to continue. Here, encryption isn't really necessary. Moreover, this basic requirement may be easier for a developer to start with. Features like on-the-fly encryption which may require lots of programming and time to implement may be added later in an update.
:-)
orion88freedom
10-07-2010, 11:58 AM
Getting an app like this will be like a scientist getting a Nobel Peace Prize. Sorry, couldn't think of another suitable analogy.
warhawk007
10-07-2010, 12:54 PM
Getting an app like this will be like a scientist getting a Nobel Peace Prize. Sorry, couldn't think of another suitable analogy.
I'm not a programmer, so please correct me if I'm wrong.
The basic idea for such an application would be a frontend like applocker which maintains a list of all the applications on the phone and the basic algorithm for the daemon would be..
If selected application = protected application
    trigger password prompt
    if entered password is correct, launch the application
    else, display "Incorrect password" and terminate the application before launch.
else, launch application
I'm not a programmer, this may not be this easy or my idea may be incorrect. Please do correct me.
zimon
10-07-2010, 12:54 PM
Actually, if Maemo5 (or Meego will) would support SELinux, a pretty secure system could be done much more easily and without having (slowish and battery consuming) multiple TrueCrypted virtual disks.
The above TrueCrypt based sandboxing would be like recreating SELinux again but with little different features and by different methods.
If the root-user can decrypt every virtual disk anyway through the applock-password-manager, then just having everything else but /boot in one single crypted volume and having enforced SELinux policy would be a better system, because SELinux has extra features.
To port SELinux to maemo5 is doable and would benefit in many other use cases.
Then one could just give and drop privileges as a root user in xterminal (or in SELinux Policy GUI) before one gives a phone to a neighbour.
Would it be possible to hack Maemo to make it a multi-user environment?
After all, Maemo is Linux and it comes with all the tools for multi-user access control that are standard in Linux. By default, there is just one interactive user "user". However, I'm sure you can modify the configuration files and add other users with a different home directory.
It can work like this: Each additional user gets its own home directory. They get read permissions to "opt" and a symbolic link from their directory, and read+write permissions to a specific directory within MyDocs. They do not get permissions to install any new applications. They can run any existing application, but it would use different data (different phonebook, conversations etc.).
You can have an app for switching users, requiring a password. After using it, the user can choose which user to login to after the next restart.
Just an idea.
zimon
10-07-2010, 02:01 PM
By the way, why isn't there a TrueCrypt application for the N900 (apart from the command-line tool, something with a GUI)? I've heard of the easycrypt frontend for Maemo, but that I believe is for the N8x0 devices.
It would be easy to make a Queen BeeCon Widget (http://wiki.maemo.org/Queen_BeeCon_Widget) (QBW) script for mounting/unmounting crypted disks. I haven't searched, maybe there already is one.
jaguilar
10-07-2010, 04:01 PM
The basic idea for such an application would be a frontend like applocker which maintains a list of all the applications on the phone and the basic algorithm for the daemon would be..
If selected application = protected application
    trigger password prompt
    if entered password is correct, launch the application
    else, display "Incorrect password" and terminate the application before launch.
else, launch application
I'm not a programmer, this may not be this easy or my idea may be incorrect. Please do correct me.
The current AppLocker works by hiding the desktop shortcut for the application. I suggested to the developer a different approach: replace the program executable path in the desktop shortcut with one of the AppLocker with some parameter to identify the original program. When selected, a window is shown requesting the password....if correct, the program is started.
But the developer didn't like it....
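The Exec= rewrite jaguilar proposes above, together with the check the wrapper would make, as an added example that is not part of the thread and not AppLocker's code. The wrapper path, function names, sample entry and PBKDF2 work factor are assumptions; entries carrying Maemo's X-Osso-Service key are reported as not covered, since they can be started without going through Exec=.

```python
import hashlib
import hmac
import shlex

WRAPPER = "/opt/applock/bin/applock-run"  # hypothetical wrapper path
ITERATIONS = 100_000                      # assumed PBKDF2 work factor

# Constructed sample shortcut, not a real file from the device.
SAMPLE_ENTRY = "[Desktop Entry]\nName=Notes\nExec=/usr/bin/notes --new\n"


def gate_desktop_entry(text: str, app_id: str):
    """Point Exec= at the wrapper. Returns (new_text, covered).

    covered is False when the shortcut has no Exec= line or is also
    D-Bus activated, because then the launcher never runs the wrapper.
    """
    out, gated, dbus_activated = [], False, False
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "Exec" and sep:
            if not value.startswith(WRAPPER):  # keep the rewrite idempotent
                line = f"Exec={WRAPPER} {shlex.quote(app_id)} -- {value}"
            gated = True
        elif key == "X-Osso-Service" and value:
            dbus_activated = True
        out.append(line)
    return "\n".join(out) + "\n", gated and not dbus_activated


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def wrapper_decision(argv, password: str, locked: dict):
    """Decide what the wrapper should exec.

    argv is [app_id, "--", original command...]; locked maps an app_id to
    (salt, stored_hash). Returns the original command, or None to refuse.
    Toggling a lock only edits `locked`; the shortcut stays rewritten.
    """
    if len(argv) < 3 or argv[1] != "--":
        return None
    app_id, command = argv[0], argv[2:]
    if app_id not in locked:
        return command
    salt, stored = locked[app_id]
    if hmac.compare_digest(hash_password(password, salt), stored):
        return command
    return None
```

This gates only launches that go through the shortcut; anything that runs the binary directly, as noted earlier in the thread, bypasses it.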
Mentalist Traceur
10-07-2010, 04:35 PM
Don't get why the developer didn't like it. That said, I would implement this at the Hildon-Desktop or Hildon-whatever level - that way you don't have to rewrite pieces of the .desktop files every time you set the program to be short-cut protected or not.
The problem is we already have so many Hildon Desktop mods, some of which are incompatible, that this approach may lead to annoyances for everyone who can't figure out how to pull the upstream changes they want together into their own source to compile, or who can't get the hildon-desktop pre-compiled that they want.
warhawk007
10-08-2010, 09:53 AM
I hope some developer would show an interest in this. I'm really waiting to see such an app.
Mentalist Traceur
10-08-2010, 10:16 AM
The problem is most Linux-capable developers, I think either want real security (in which case what's proposed just doesn't do enough), or they just don't care about securing their phones, and to someone who's worth their salt at programming, having a password protection system on the shortcut to the app doesn't actually automatically feel like it's really preventing anything.
If I could code it I would. Right now I'm trying to set up a good Virtual Machine Linux image and get Scratchbox installed in it. Then starting to learn C and Python and going from there. But it'll be a while before I can do what's being asked. (Possibly months)
warhawk007
10-08-2010, 10:49 AM
The problem is most Linux-capable developers, I think either want real security (in which case what's proposed just doesn't do enough), or they just don't care about securing their phones, and to someone who's worth their salt at programming, having a password protection system on the shortcut to the app doesn't actually automatically feel like it's really preventing anything.
If I could code it I would. Right now I'm trying to set up a good Virtual Machine Linux image and get Scratchbox installed in it. Then starting to learn C and Python and going from there. But it'll be a while before I can do what's being asked. (Possibly months)
Wow, thanks a lot for showing your support. I can wait for months. :D
I guess it's time I should also start brushing up my knowledge in C\C++ and should start learning Python. I wish I could also contribute to the community some day.
orion88freedom
10-08-2010, 11:03 AM
This topic about locking/hiding applications and password protecting it has been pretty much discussed and debated to death. I don't think we should waste anymore time in waiting for someone to create such an app. If it was something in high demand then it would have already been implemented by more than 1 person. So I think the overall message is, no one cares enough to want to have such an app or they just can't be bothered with it.
Trust me, I'm all up for such an app but I don't have enough time to start learning a "language" or "programme" to have this implemented. I can only hope someone picks it up and does something about it. Till then I'll just try and do what I can to make sure it doesn't get abused in the wrong hands.
I can't even replace icons to suit my taste, let alone create a whole new app with GUI and the whole shebang !!!
Mentalist Traceur
10-09-2010, 02:18 AM
The problem with the sufficient demand implies implementation logic is that it doesn't work in a non-capitalist society. Or rather, it doesn't work in a society where sufficient demand from the wanting group can't be converted into rewards for the capable-of-making-it-happen group.
This is a mainly open source ecosystem. People who make applications make them because they see them as useful or good, or because they want something like that themselves.
Which is why the above notion is flawed: there can be a shitload of demand for something - if the people capable of programming it aren't interested or don't think it's worth doing, they won't. And as I said above, it seems that most devs on here, being familiar enough with Linux, know that the password protected app locking just isn't secure enough to be truly secure.
The one guy that seems to have wanted that kind of against-the-non-persistent-casual-user protection did make an app for it - (s)he just preferred the hide instead of password prompt approach. That doesn't mean that there aren't as many people wishing for password prompt.
In fact, the very fact that it's been "discussed and debated to death" shows there's demand, or people wouldn't keep bringing it up.
warhawk007
02-04-2011, 02:19 AM
Have been a frequent offline visitor. Back after a break. :)
Had to dig this thread up from the grave. I've seen other threads requesting for the same.
I'm not a developer & have almost zero skills in programming.
So I'm bringing this request up again.
lalitwadhwa
02-12-2011, 06:25 AM
I am also requesting something like that. In my last Symbian device it was called "Advanced Device Lock" and believe me, it was damn useful. I am searching the net for something like that for my N900 but couldn't find one till date, so I request that any programmer here do that for users like me. I will be very, very grateful.
Moody
02-17-2011, 09:52 PM
Also boosting this thread.
That one person who claims there is no demand is just dead wrong.
Many of us are waiting for a true applocker.
It is just a fact that private information is TOO EASILY accessible. Conversations, for instance. Even when you do not intend to snoop or be curious, you can accidentally open it and half of your messages are read already.
I am not trying to hide secret information about world domination. So no need for a super sophisticated and complicated app with all kinds of whistles and bells that would give hackers (that my nemesis, in search of my world domination plans, recruited of course) a headache.
We simply want more control over private information stored on the N900.
We just want the ability to put a password on an app for when someone else is using our phone for a very short period of time to, let's say, play a game or something.
Many of us are seeking such an app, could someone pls help us out.....
rated
03-10-2011, 05:18 AM
Ok, total newbie on the board but found my way here for this very purpose. Had somewhat of a close-call with a family member (who loves my N900 due to the retro emulators it has) clicking into my file browser out of curiosity. He was caught before he could click into the .private folder but something that could password protect photos/videos would be pretty much the best solution ever...
reinob
09-02-2011, 03:40 AM
@rated,
If it's only data (not programs) you care about, you can always set up an extra partition on your SD card (or a loop partition on MyDocs, whatever) with all your p0rn and mount it on demand.
You want to let somebody use your phone? umount the p0rn partition first.