MetaMask / metamask-mobile

Mobile web browser providing access to websites that use the Ethereum blockchain
https://metamask.io

[Bug]: Biometrics prompt appearing in password input after wallet is locked during update #10371

Open plasmacorral opened 3 months ago

plasmacorral commented 3 months ago

Describe the bug

Initially observed in a QA build of a feature branch migration test from v7.24.4 (1354) as indicated here. Confirmed today to exist when migrating from a QA build of v7.24.4 to the nightly QA build of main from July 18. Looks like this was introduced in the v7.27.0 build (1364), but it is not observed when migrating from v7.24.4 (1354) to the v7.26.1 build (1360).

Recommendation: Suppress the biometric icon in the password input box after an upgrade if the user upgraded while the wallet was locked. This will prevent user confusion and ensure a consistent experience.

Expected behavior

EXPECTED Behavior: When a user locks the wallet while using biometric authentication for MetaMask, they are required to use the password for the subsequent unlock. The biometric icon is NOT shown in the password input box when locking the wallet before the application is updated.

The desired experience can be observed migrating from v7.24.4 to v7.26.1.

OBSERVED Behavior: After locking the wallet and upgrading from v7.24.4 to anything v7.27.0+, the biometric icon appears in the password input box but does not function for unlocking.

Screenshots/Recordings

Stills:

Prior to v7.27.0 on the Left, and current state on the Right:

Recordings: Desired recording v7.24.4 (1354) to v7.26.1 (1360).

Failure recording from v7.24.4 (1354) to v7.27.0 (1364)

Steps to reproduce

  1. Have device with biometric auth supported and active
  2. Import SRP or create wallet on v7.24.4 (1354) and authorize biometrics
  3. Get to wallet view
  4. Go to settings>lock and confirm
  5. Note login screen shows no biometric icon in password entry box
  6. Update app to v7.27.0 (1364) or later
  7. Launch updated app
  8. Note biometric icon present but not responsive

Error messages or log output

No response

Detection stage

In production (default)

Version

7.27.0

Build type

None

Device

Multiple

Operating system

iOS, Android

Additional context

Impact

User Experience: This inconsistency can cause confusion, frustration, and panic.

Risk Assessment: Presenting the biometric icon without functionality does not increase the risk of funds loss. Users will either unlock with their password or reset the wallet using their SRP backup.

Severity

After locking the wallet, it is the expectation that the user-created password is required to unlock. At issue here is the presentation of the biometric icon when it is not intended to allow the wallet to be unlocked if the user locked the wallet prior to updating the app, and remains unresponsive to user interaction.

gauthierpetetin commented 3 months ago

Hi @plasmacorral, was it on purpose that release-7.27.0 was added? (In theory, it is meant to indicate the issue got fixed in release 7.27.0.)

plasmacorral commented 3 months ago

@gauthierpetetin Was a mistake on my part and just corrected. I should have used or created regression-prod-7.27.0, but it may not have existed at the time. Will keep this in mind going forward.

gauthierpetetin commented 3 months ago

Nice, thanks @plasmacorral!

hesterbruikman commented 2 weeks ago

Ownership to be discussed

sethkfman commented 2 weeks ago

When the wallet is explicitly locked there should be NO icon. This is a minor UI bug.