authpass / biometric_storage

Flutter plugin to store data behind biometric authentication (ie. fingerprint)
https://pub.dev/packages/biometric_storage
MIT License
184 stars 107 forks source link

Improvements to behaviour on iOS and macOS #74

Open luckyrat opened 2 years ago

luckyrat commented 2 years ago

In #70, @hpoul and I have discussed some of the problems with the current behaviour on iOS and I have a potential solution in PR #73 which I have found improves the situation for an iPhone 6 (TouchId) with iOS 12.

I understand that since a lot of the code is shared with macOS, similar issues and solutions will apply to that platform too.

Since it is so difficult to evaluate changes to iOS behaviour without an impossible array of expensive devices, it would be great if anyone else with access to iOS devices could try out the proposed solution in #73 and let us know how it behaves. We'd be particularly interested in anyone who can test newer iOS versions and/or FaceId.

@hpoul can chime in with any additional thoughts but as a starting point, I think this is the current situation:

We create an LAContext the first time authentication is required after storage initialisation (e.g. a read or write request) and this persists for the lifetime of the app.

Once the LAContext has been authenticated once, it remains authenticated "indefinitely" (actually that's the undocumented 10 minutes I've previously mentioned in #70).

If authenticationValidityDurationSeconds is > 0 and we are attempting a write operation we apply this as a touchIDAuthenticationAllowableReuseDuration setting to the context.

If the context has already been authenticated (e.g. via a previous read operation) this has no effect.

If this touchIDAuthenticationAllowableReuseDuration grace period is set before the first time the context needs to authenticate, the context will behave in a way that is somewhat poorly documented across disparate Apple documentation and 3rd party discussions. My best understanding of all of that is that this grace period starts only when unlocking the device with Touch ID (and maybe FaceID); a successful keychain retrieval authentication will not restart the grace period.

So, the touchIDAuthenticationAllowableReuseDuration only has an effect if the first authentication attempt is within that number of seconds of the user unlocking their phone; all subsequent authentication requests will then automatically succeed (for 10 minutes).

If the user takes longer than touchIDAuthenticationAllowableReuseDuration seconds before the first authentication request is made (or if they have configured touchIDAuthenticationAllowableReuseDuration to be <= 0), they will be prompted to authenticate at that point, and then all subsequent authentication requests will automatically succeed.

My tests on the current plugin version and my PR leave me pretty confident that the above is accurate with regard to TouchId but less so about whether FaceId behaviour differs.

felix-barz-brickmakers commented 2 years ago

What is the status on this. I found this issue via #68 and "followed the tracks" to #73 and #77. As it seems, all of these variants are work in progress.

I would like to know which of these PRs is the desired approach and whats the status on it. So when can we expect this to be fixed? I think this is a security issue with the plugin, as biometric storage is often used with very sensible data. This problem could easily be abused to access data in an app without triggering the biometric prompt.

If none of the proposed solutions is viable in the near future, I would suggest to completely disable the validity support for ios temporarily and always recreate the LAContext until a better solution is found.

ThePrincelle commented 2 years ago

Any news on this subject? My app requires the user to pass biometric identification when required. Is this feature going to bring this capability, or if it's already implemented, how should I configure this behavior?

Thanks in advance.

Abdulaziz4 commented 1 year ago

Any update on this ?

I see that there is an open PR #77 with no progress for a few months now, is there a plan to have this resolved in the near future?

annawidera commented 1 year ago

Hey @hpoul , hey @luckyrat ! Thank you for your efforts to date towards covering different iOS use cases and behaviours in the context of secure storage. Would be really cool if we could have these changes finalised and published. Is #77 considered a leading branch in this topic? What's still needed to finalise? Do you seek a broader range of hardware configurations to test recent changes against? Is there something uncovered yet?