App asking for biometric while it's not enabled

[agonist]

Steps

How to reproduce on Android:

• Install and launch the app while having biometric enabled
• Disable biometric from the phone
• The app will now ask for biometric every time and I have no way to disable that from the app.

Expected

When app starts, user is not asked for biometric, they are sent straight to PIN code

Actual

App asks for biometric

Additional Information

I saw Android fingerprint screen yesterday and it was unclear what to do - the text was off saying something like "loading wallet" and the screen showed a fingerprint icon at the bottom. Text needs to change to something more reasonable.

Testing

Test the following cases on Android:

• [ ] Device does not have biometric hardware -> should show PIN code field only
• [ ] Device has biometric but it's not enabled -> should show PIN code field only, no error dialog prompting user to enable biometric
• [ ] Device has biometric enabled when user signs up, later disables it -> should show PIN code field only, no error messages
• [ ] Device has biometric and it is enabled -> should accept biometric in lieu of PIN

[pdahlberg]

Perhaps a stupid question, but how do you disable biometrics? I have a Pixel XL with Android 10 and there only seems to be the option to remove fingerprints. I can't find any way to totally disable the feature on the phone.

[agonist]

You don't really disable it but instead, remove all registered fingerprint. I tested, registering a fingerprint because I'm not using that usually. After that every app propose me fingerprint auth (with backup to pin code if you want). After I remove the fingerprint, everything related to fingerprint disappeared except in Seeds.

[pdahlberg]

Ah I see! Thanks for noticing that 👍

[n13]

I got a weird message when installing it on the android simulator for the first time - might be the same bug.

I entered a pin code, then it asked me for a fingerprint . Hmm.. but it recovered.

[agonist]

it seems like the lib that checks if fingerprints is available always return true n matters if you have a fingerprint added in your settings or not. Might be a tricky one ....

[agonist]

Well I guess we're not the only one https://github.com/flutter/flutter/issues/45497 ....

[n13]

^^^ good find! That ticket contains a workaround for fingerprint... applicable?

[pdahlberg]

Yeah that lib is missing at least two use cases. We want to know if the user has a fingerprint or face added, not if the device supports it as you both have mentioned. And also we want to be able to detect if the fingerprint/face has changed to know if we should take action like require the private key again (like you mentioned you've seen in other wallet apps Nik).

[n13]

@divyanshub024 These are some alternatives I found

For fixing this bug these might help and resolve the issue we could see if these libraries provide a better option

I have tried the alternative library but wasn't able to make it work because I still don't really understand how blocs work - or maybe because the library didn't work, hard to tell. Overall I find futures more manageable - I understand them and they're easy to debug.

That being said the alternative has a way to customize error dialogs, and also a way to hide error dialogs - so to not show an error dialog when the fingerprint has been disabled on the device should at least in theory be possible. Alternative lib used by a password manager app https://github.com/authpass/biometric_storage

All [local_auth] Pull requests https://github.com/flutter/plugins/pulls?q=is%3Apr+is%3Aopen+%5Blocal_auth%5D

[pdahlberg]

The alternative lib looks promising. Have you tested it in any way?

[n13]

The alternative lib looks promising. Have you tested it in any way?

No. @divyanshub024 is going to take a look

[n13]

@gguijarro-c-chwy did this it's been merged