Security of iOS actions with Siri

This is a bit of a security FYI:

iOS: 17.4.1
Companion App: 2024.4

Should the companion app require the iPhone to be unlocked to run an action?

When an iOS shortcut is created for a Companion App action (i.e. the action has a Siri voice activation prompt) it’s possible to activate the action when the iPhone is locked. To do this the iPhone must be set up with “Press Side Button for Siri” enabled.

Pressing the side button for Siri bypasses the voice recognition that the iPhone uses when saying “Hey Siri.”

For example, if you have a Shortcut triggered by “unlock the door”, anyone with the phone can hold the side button to activate Siri and run “unlock the door” even when the phone is locked.

“Hey Siri, unlock the door” requires voice recognition.

And swiping right on the lock screen to show the Companion App widget and pressing the “Open the Door” action will require the phone to be unlocked.

Disabling “Press Side Button for Siri” (Settings => Siri & Search) and using “Hey Siri” is one work-around.

Could (should?) the Companion App check that the phone is unlocked[1] before running the action?

I’m kind of surprised that the iPhone Shortcuts app doesn’t have a setting to require unlocking the phone before running a shortcut.

[1] Maybe also allow if using CarPlay and phone is locked.
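
Added example (not part of the original post, and not the Companion App's own code): one way an app can require an unlocked phone per action, assuming the action is exposed to Siri/Shortcuts through Apple's App Intents framework (iOS 16+). The intent names, the `fire` helper, the JSON body and the endpoint URL are hypothetical placeholders; the CarPlay exception from footnote [1] is not handled here.

```swift
import AppIntents
import Foundation

// Hypothetical error type and endpoint; neither comes from the Companion App.
enum ActionError: Error { case rejected(status: Int) }
let actionEndpoint = URL(string: "https://homeassistant.example/api/placeholder-action")!

// Hypothetical helper: POST the action name and fail on any non-2xx reply.
func fire(_ action: String) async throws {
    var request = URLRequest(url: actionEndpoint)
    request.httpMethod = "POST"
    request.setValue("application/json", forHTTPHeaderField: "Content-Type")
    request.httpBody = try JSONEncoder().encode(["action": action])
    let (_, response) = try await URLSession.shared.data(for: request)
    let status = (response as? HTTPURLResponse)?.statusCode ?? 0
    guard (200..<300).contains(status) else { throw ActionError.rejected(status: status) }
}

@available(iOS 16.0, *)
struct UnlockDoorIntent: AppIntent {
    static let title: LocalizedStringResource = "Unlock the Door"

    // Sensitive action: when the phone is locked, the system asks the user
    // to authenticate before perform() is called, regardless of whether
    // Siri was started by voice or by the side button.
    static let authenticationPolicy: IntentAuthenticationPolicy = .requiresAuthentication

    func perform() async throws -> some IntentResult & ProvidesDialog {
        try await fire("unlock_door")
        return .result(dialog: "Door unlocked.")
    }
}

@available(iOS 16.0, *)
struct PorchLightIntent: AppIntent {
    static let title: LocalizedStringResource = "Turn On the Porch Light"

    // Low-risk action: explicitly allowed to run from a locked phone.
    static let authenticationPolicy: IntentAuthenticationPolicy = .alwaysAllowed

    func perform() async throws -> some IntentResult {
        try await fire("porch_light_on")
        return .result()
    }
}
```

Setting the policy per intent keeps convenience actions usable from the lock screen while gating only the ones that change physical access.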