Open EdinsonNM opened 4 years ago
hpoul
commented
4 years ago this is weird, i never had such a problem with fingerprint on s9+ - which android version are you using? have you experienced this problem also on other devices? maybe some way to reproduce it on the simulator?
(fwiw, Face ID is apple's name.. i think on android it's just a boring face recognition..)
EdinsonNM
commented
4 years ago Exactly, it's face recognition :) I tried different model of samsung devices and the library returned the same problem. Face recognition option does not appear in a simulator :(
I tried with: Samsung Galaxy S10 + (android 10) Samsung Galaxy A7 (android 10)
This problem only occurs with face recognition, with finger sprint everything works fine
EdinsonNM
commented
4 years ago Is it possible to disable face recognition on android? I still get error when I use face reconigtion. sometimes face recognition works, other times it returns error :(
Exception has occurred. PlatformException (PlatformException(AuthError:Unknown, Unexpected authentication error. User not authenticated, android.security.keystore.UserNotAuthenticatedException: User not authenticated android.security.keystore.UserNotAuthenticatedException: User not authenticated at android.security.KeyStore.getInvalidKeyException(KeyStore.java:1595) at android.security.KeyStore.getInvalidKeyException(KeyStore.java:1725) at android.security.keystore.KeyStoreCryptoOperationUtils.getInvalidKeyExceptionForInit(KeyStoreCryptoOperationUtils.java:54) at android.security.keystore.KeyStoreCryptoOperationUtils.getExceptionForCipherInit(KeyStoreCryptoOperationUtils.java:89) at android.security.keystore.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized(AndroidKeyStoreCipherSpiBase.java:265) at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineInit(AndroidKeyStoreCipherSpiBase.java:109) at javax.crypto.Cipher.tryTransformWithProvider(Cipher.java:2984) at javax.crypto.Cipher.tryCombinations(Cipher.java:2891) at javax.crypto.Cipher$SpiAndProviderUpdater.updateAndGetSpiAndProvider(Cipher.java:2796) at javax.crypto.Cipher.chooseProvider(Cipher.java:773) at javax.crypto.Cipher.init(Cipher.java:1143) at javax.crypto.Cipher.init(Cipher.java:1084) at com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm.encrypt(AndroidKeystoreAesGcm.java:64) at com.google.crypto.tink.KeysetHandle.encrypt(KeysetHandle.java:180) at com.google.crypto.tink.KeysetHandle.write(KeysetHandle.java:157) at com.google.crypto.tink.integration.android.AndroidKeysetManager.write(AndroidKeysetManager.java:385) at com.google.crypto.tink.integration.android.AndroidKeysetManager.readOrGenerateNewKeyset(AndroidKeysetManager.java:350) at com.google.crypto.tink.integration.android.AndroidKeysetManager.<init>(AndroidKeysetManager.java:133) at com.google.crypto.tink.integration.android.AndroidKeysetManager.<init>(AndroidKeysetManager.java:96) at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.build(AndroidKeysetManager.java:208) at androidx.security.crypto.EncryptedFile$Builder.build(EncryptedFile.java:172) at design.codeux.biometric_storage.BiometricStorageFile.buildEncryptedFile(BiometricStorageFile.kt:67) at design.codeux.biometric_storage.BiometricStorageFile.readFile(BiometricStorageFile.kt:105) at design.codeux.biometric_storage.BiometricStoragePlugin$onMethodCall$6$1.invoke(BiometricStoragePlugin.kt:192) at design.codeux.biometric_storage.BiometricStoragePlugin$onMethodCall$6$1.invoke(BiometricStoragePlugin.kt:76) at design.codeux.biometric_storage.BiometricStoragePlugin$onMethodCall$4$1.invoke(BiometricStoragePlugin.kt:159) at design.codeux.biometric_storage.BiometricStoragePlugin$onMethodCall$4$1.invoke(BiometricStoragePlugin.kt:76) at design.codeux.biometric_storage.BiometricStoragePlugin$authenticate$prompt$1$onAuthenticationSucceeded$$inlined$ui$1.run(BiometricStoragePlugin.kt:290) at android.os.Handler.handleCallback(Handler.java:883) at android.os.Handler.dispatchMessage(Handler.java:100) at android.os.Looper.loop(Looper.java:237) at android.app.ActivityThread.main(ActivityThread.java:8016) at java.lang.reflect.Method.invoke(Native Method) at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
EdinsonNM
commented
4 years ago Please let me know if you have any solution for this.
hpoul
commented
4 years ago @EdinsonNM nope, sorry i also haven't been able to reproduce it. have you been able to get this error in the android emulator as well?
EdinsonNM
commented
4 years ago The problem only occurs with samsung facial recognition, it is not possible to test it on the emulator. Attached a link to a video with the error. https://drive.google.com/file/d/1X9yMtF9_tyS4rV2uVOqDuzWytq27kEwY/view?usp=sharing
EdinsonNM
commented
3 years ago Hi, I found this info about the problem https://stackoverflow.com/questions/55634812/biometricprompt-crashes-on-samsung-s9-with-face-unlock
maybe you could return an error message for this problem.
hpoul
commented
3 years ago @EdinsonNM that is very interesting, thanks for sharing, I have to take a closer look. I think I also did not realise that this is a face-unlock specific problem. I have never used Face Id before. Can you use both, face Id and fingerprint? because in your original screenshot it looked more like a fingerprint prompt, then a face id prompt? (and.. if you can use both at the same time, do you also get this exception when you use the fingerprint?)
EdinsonNM
commented
3 years ago Hi @hpoul , The error only happens when I select face recognition on my samsung device
radvansky-tomas
commented
3 years ago Same here s9, latest android
hpoul
commented
3 years ago @radvansky-tomas your s9 has face unlock? 🤔️
radvansky-tomas
commented
3 years ago Yes, with fingerprint it works fine...with face unlock it shows dialog and ask me to press confirm button...then fails with exception provided above by @EdinsonNM
hpoul
commented
3 years ago @radvansky-tomas lol thanks, now i've discovered that i have face unlock on my phone 😅️ but still can't reproduce the problem :-/ (galaxy s9+) (btw. face unlock is waaaaayyyyy slower than fingerprint.. i have to tap 2 times, while fingerprint i just rest my finger on the back of the phone 🤷️ .. anyhoo.. did this happen from the beginning or started this after a while? have you tried to remove face unlock and add it again?
radvansky-tomas
commented
3 years ago I think it worked fine on android9 and stopped recently with new flutter release & android 10 (and 11 sdk)
hpoul
commented
3 years ago @radvansky-tomas it shouldn't have anything to do with flutter.. so it's also not working if you completely remove old data, (including your face unlock settings from the phone) and reinstall from scratch?
radvansky-tomas
commented
3 years ago No this does not help @hpoul
And its most likely related to samsungs and their access to keystore: https://stackoverflow.com/questions/54598752/samsung-devices-os-9-0-throw-android-security-keystoreexception-key-user-not-a
And thats because:
I had this same issue when attempting to use the BiometricPrompt APIs to authenticate users into my app. I reached out to Samsung technical support and they confirmed that Samsungs face recognition is not secure enough to unlock the Android Keystore.
This makes sense since the current Samsung Galaxy devices (S8, S9, S10) do not have the necessary hardware to do 3D imaging of a face (rumor has it that the Pixel 4 will). This reminds me of Samsungs first fingerprint implementation, on the S5 I believe, that did not meet Google's technical specifications and didn't work after upgrading to Marshmallow.
Below is the actual reply that I received from Samsung tech support:
For security reasons, Face Biometric can not update the keystore after authentication. So, SecurityException is shown when the application tries to make a keystore or sign by the keystore.
Currently, you can not use Face Biometric in your application to authenticate. Alternatively, you may guide the user to change Preferred Biometric to Fingerprint / Iris by showing a pop up (to open biometric preference setting) while getting these exceptions.
Thank you for your patience.
Curiously, I no longer see the crash on the Galaxy S10. The authentication just returns an error code. This may be even worse since it breaks their suggested fix. Ugh.https://stackoverflow.com/questions/55634812/biometricprompt-crashes-on-samsung-s9-with-face-unlock
EdinsonNM
commented
3 years ago hi @hpoul , I created my own plugin with some improvements, i'm not an expert in kotlin but currently it works fine for android. I fix the problem for samsung devices and also fix the problem of changes in the fingerprints. Maybe my code can help solve the problems detected in your library https://github.com/EdinsonNM/security_storage
When you use the BiometricPrompt to encrypt data you must indicate that you want a crypto object to be returned to you. This will prevent Samsung devices from showing face recognition and also allows you to invalidate the keys if you make changes to the biometric
radvansky-tomas
commented
3 years ago @EdinsonNM Tried your app, really difficult to navigate in your code btw...
Anyhow I did not see there any face recognition specific code and after running on physical device your example presents only fingerprint, not face recognition.
Another important articles: https://issuetracker.google.com/issues/147374428
Hi, I have a problem in my samsung mobile galaxy s 10+, when i try to use faceid:
The library return the next message: "Unexpected authentication error. User not authenticated"
