[Epic] Exclude Insecure Devices - Awareness & Rollout to All

[mxandreas]

Problem
As part of the invisible crypto initiative, devices which are insecure (aka unverified) will be excluded from sending & receiving messages. The corresponding work has been done, but is currently behind a feature toggle in the apps (Exclude insecure devices when sending/receiving messages). This is because it is a disruptive change to users who have not verified (all of) their devices.

Objective
The objective of this epic is to be able to turn that feature toggle ON in all Element clients with as little friction and surprises for users as possible. This mainly involves awareness activities (such as relevant blogposts) and banners/toasts in the apps which either inform users to verify their device or to set up recovery (to be ready to verify any new devices in the future).

The provisional date for excluding insecure devices is July 1st, 2025.

Pre-requisites

Preview Give feedback

1. Replace the "Encryption" settings with a new settings tab element-web#26468
   2 of 9
   A-E2EE A-E2EE-Key-Backup T-Defect +3
2. https://github.com/element-hq/crypto-internal/issues/408
3. https://github.com/element-hq/crypto-internal/issues/398
4. Exclude Insecure Device | First message sent after an identity reset can sometimes be flagged as sent from insecure device #2697
   +0
5. Option to exclude insecure devices for Olm traffic, to be consistent with megolm sharing? matrix-org/matrix-rust-sdk#4147
   encryption +1

Stories

Preview Give feedback

1. Public communication in blogs / FAQ to provide background & instructions for end users
2. Prompt EW users to turn on key storage (on a verified device)
3. Prompt EW users to set up recovery (on a verified device)
4. Prompt EW users periodically to verify the device
5. Show a permanent banner in Element "classic" mobile apps to verify the device
6. Make verification mandatory on EW at login
7. Force devices to be verified element-web#28464
   A-E2EE T-Feature +2