authpass / biometric_storage

Flutter plugin to store data behind biometric authentication (i.e. fingerprint)
https://pub.dev/packages/biometric_storage
MIT License

Android/iOS: Secure data still accessible after fingerprint added #23

Open petro-i opened 3 years ago

petro-i commented 3 years ago

Current behavior is that on adding/changing a fingerprint/faceId the securely stored data is not deleted/invalidated. So basically anyone who knows the phone password can use an app developed with this plugin, but that is not the same as knowing the password/secret of the user of the app.

When a new fingerprint is added, the securely stored data must not be accessible (the key must be invalidated).

Please fix; because of this issue I cannot see a real difference between this plugin and local_auth.

hpoul commented 3 years ago

The difference is that this plugin encrypts data using a key which is stored in the keystore, while afaik local_auth just tells you that a user is authenticated.

I don't think your feature request is currently possible. See https://github.com/authpass/biometric_storage/issues/11#issuecomment-694551105

If you find a solution, feel free to open a PR.

petro-i commented 3 years ago

Sorry, but from a security point of view "local_auth + flutter_secure_storage == this plugin", so there is no added value (( See how it should be done the right way on Android on StackOverflow; iOS is a different story.

hpoul commented 3 years ago

@totalerex feel free to do so

beheobong commented 2 years ago

Any update?

hpoul commented 2 years ago

@beheobong the only news being that after refactoring away from androidx.security I think this is actually possible, since we support per-use authentication. But it needs some good assert checks (i.e. use duration must be <= 0). Feel free to submit a PR.
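As an added illustration of the Android-side behaviour hpoul describes (per-use authentication, use duration <= 0) and the invalidation petro-i asks for, here is Android Keystore code that is not part of biometric_storage; the key alias is a constructed placeholder and the snippet assumes API 30+:

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyPermanentlyInvalidatedException
import android.security.keystore.KeyProperties
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

// Constructed alias for this example; a real app picks its own.
const val KEY_ALIAS = "example_biometric_key"

// AES-GCM key that (a) needs a strong biometric for every single use (timeout 0,
// the "duration <= 0" per-use check from the thread) and (b) is permanently
// invalidated when a new fingerprint/face is enrolled. API 30+.
fun generateBiometricBoundKey(): SecretKey {
    val spec = KeyGenParameterSpec.Builder(
        KEY_ALIAS, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    )
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setKeySize(256)
        .setUserAuthenticationRequired(true)
        // 0 s: each Cipher op needs its own BiometricPrompt; PIN alone won't do.
        .setUserAuthenticationParameters(0, KeyProperties.AUTH_BIOMETRIC_STRONG)
        // A newly enrolled biometric makes the key unusable.
        .setInvalidatedByBiometricEnrollment(true)
        .build()
    return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore")
        .apply { init(spec) }
        .generateKey()
}

// Cipher ready to wrap in BiometricPrompt.CryptoObject, or null once the
// keystore reports the key invalidated. Treat null as "secret is gone": drop
// ciphertext and key, then re-derive from the user's real credential.
fun cipherForDecrypt(iv: ByteArray): Cipher? {
    val ks = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
    val key = ks.getKey(KEY_ALIAS, null) as? SecretKey ?: return null
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    return try {
        cipher.init(Cipher.DECRYPT_MODE, key, GCMParameterSpec(128, iv))
        cipher
    } catch (e: KeyPermanentlyInvalidatedException) {
        ks.deleteEntry(KEY_ALIAS)
        null
    }
}
```

With a timed validity window (duration > 0) the key is unlocked by any device credential and is not tied to the enrolled biometrics, which is the behaviour the issue reports; per-use authentication plus invalidation on enrollment is what makes the stored data unreadable after a new fingerprint is added.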