Passcode does not remove DocumentsProvider roots right away and app access persists #6882

@grote

When activating the passcode in app settings, to prevent all local access to Nextcloud files, the DocumentsProvider stops advertising storage roots. This is fine in principle. However, the system is not notified about this change, so the roots stay available:

See the docs:

If this set of roots changes, you must call ContentResolver.notifyChange(Uri, android.database.ContentObserver, boolean) with DocumentsContract.buildRootsUri(String) to notify the system.

This currently does not happen when the app gets locked. There's only a notification when an account gets created or removed.

Note that outgoing persisted Uri permissions will continue to be available to other apps, which is good for UX, but it is debatable whether this is a security issue as well.

As for UX, users don't seem to understand that other apps will not be able to interact with Nextcloud's DocumentsProvider when enabling the passcode feature (e.g. seedvault-app/seedvault#82).

One idea to solve this is to at least educate the users when activating this feature. There could be a confirmation dialog when they toggle the switch. Other ideas for how to address this are welcome.
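
The notification that the quoted documentation calls for, sketched as an added example (not code from this issue or from the Nextcloud app). The class name, the authority string and the `isPasscodeEnabled`/`addAccountRoots` hooks are hypothetical.

```java
import android.content.Context;
import android.database.Cursor;
import android.database.MatrixCursor;
import android.net.Uri;
import android.provider.DocumentsContract;
import android.provider.DocumentsContract.Root;
import android.provider.DocumentsProvider;

// Added illustration: all names below are assumptions, not the app's real code.
// The class is abstract, so the remaining DocumentsProvider methods are left
// to the concrete provider.
public abstract class LockAwareDocumentsProvider extends DocumentsProvider {

    // Placeholder authority; must match the provider's manifest entry.
    static final String AUTHORITY = "com.example.documents";

    private static final String[] ROOT_COLUMNS = {
        Root.COLUMN_ROOT_ID, Root.COLUMN_DOCUMENT_ID, Root.COLUMN_TITLE,
        Root.COLUMN_FLAGS, Root.COLUMN_ICON
    };

    /** Hypothetical hook: true while the passcode setting is switched on. */
    protected abstract boolean isPasscodeEnabled();

    /** Hypothetical hook: appends one row per configured account. */
    protected abstract void addAccountRoots(MatrixCursor roots);

    @Override
    public Cursor queryRoots(String[] projection) {
        MatrixCursor roots =
                new MatrixCursor(projection != null ? projection : ROOT_COLUMNS);
        // With the passcode on, advertise no roots at all (empty cursor).
        if (!isPasscodeEnabled()) {
            addAccountRoots(roots);
        }
        return roots;
    }

    /**
     * Call on every change to the root set: passcode switched on or off,
     * account created or removed. Without it the system keeps showing the
     * roots it queried earlier.
     */
    public static void notifyRootsChanged(Context context) {
        Uri rootsUri = DocumentsContract.buildRootsUri(AUTHORITY);
        context.getContentResolver().notifyChange(rootsUri, null);
    }
}
```

The settings code that flips the passcode switch would call `notifyRootsChanged(context)` right after persisting the new value, so the system queries `queryRoots` again and receives the empty set.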
