equalitie / ouisync-app

GNU General Public License v3.0

Handle biometrics removed from device by user #216

Closed J-Pabon closed 1 year ago

J-Pabon commented 1 year ago

If the user creates a repository and selects "Secure with biometrics", the password is saved to the secure storage and biometric authentication is required to retrieve it for unlocking the repo later on.

If after this the user disables/removes the biometric method used when the repo was created, there is no way to retrieve it from the secure storage, even if the user enables again the biometric method they used originally (this is because the new biometric method, say fingerprint, would be a different key than the old one, regardless of whether it is "the same fingerprint").

The problem becomes evident due to the fact that when securing a repo with biometrics, the default use case is for the app to generate the password automatically, without showing it to the user. Because of this we can ask the user to input the password (so we can delete->create a new entry in the secure storage for the repo), and fix the biometric validation for the password.

Only in one specific case may this be possible: if the user first created the repo without using biometrics, which means they created the password and use it every time they need to unlock the repo, and later decided to secure it with biometrics. In this case the password saved to the secure storage is the one created by the user, which can be used to fix the problem.

Steps to reproduce

Expected

Result:

Potential solution

To prevent this issue in the future, we can implement a master password for each instance (device), and save it to the secure storage. That way we can use it for cases in which the repo password is lost (either in cases like the one described here, and maybe the user forgetting the password).

IvanaBlzvc commented 1 year ago

Leaving open for Jorge to manage as per conversation in MM https://mattermost.equalit.ie/equalitie/pl/ks5w6nutefne7bbb5bf5traihe

IvanaBlzvc commented 1 year ago

This is not an issue in the current implementation: we separated the storage from the biometric validation, so it doesn't matter if the user deletes and creates a new "finger", as long as the OS tells us it is successful.
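The two designs this thread contrasts, as an added Android Keystore illustration that is not code from ouisync-app: in the first, the key that protects the stored repo password is itself bound to the enrolled biometrics, so the OS permanently invalidates it when the user removes or re-enrolls a fingerprint (the failure described at the top of the issue); in the second, the password sits under a hardware-backed key with no biometric binding, and the app gates access with a separate biometric prompt (the separation described in the closing comment). The key aliases, the prompt strings and the `GCMParameterSpec` usage are assumptions for the example; the Keystore and `androidx.biometric` calls are real APIs.

```kotlin
// Added example (not ouisync-app code). Assumes Android API 24+ and androidx.biometric.
// Aliases and prompt text are assumptions for illustration.
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyPermanentlyInvalidatedException
import android.security.keystore.KeyProperties
import androidx.biometric.BiometricManager
import androidx.biometric.BiometricPrompt
import androidx.core.content.ContextCompat
import androidx.fragment.app.FragmentActivity
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

private const val KEYSTORE = "AndroidKeyStore"
private const val BOUND_ALIAS = "repo_password_biometric_bound"   // assumed alias
private const val PLAIN_ALIAS = "repo_password_hardware_backed"   // assumed alias

private fun baseSpec(alias: String) = KeyGenParameterSpec.Builder(
        alias, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)
    .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
    .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)

// Design 1: the key can only be used after a biometric auth, and the OS wipes it
// when biometric enrollment changes. This is the default on API 24+, made explicit here.
// Once wiped, the repo password it protected cannot be recovered.
fun generateBiometricBoundKey(): SecretKey {
    val spec = baseSpec(BOUND_ALIAS)
        .setUserAuthenticationRequired(true)
        .setInvalidatedByBiometricEnrollment(true)
        .build()
    return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, KEYSTORE)
        .apply { init(spec) }.generateKey()
}

// Design 2: hardware-backed key with no biometric binding. Re-enrolling a finger does
// not touch it; the app decides when to use it, after its own BiometricPrompt succeeds.
fun generateHardwareBackedKey(): SecretKey {
    val spec = baseSpec(PLAIN_ALIAS).setUserAuthenticationRequired(false).build()
    return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, KEYSTORE)
        .apply { init(spec) }.generateKey()
}

private fun keyStore() = KeyStore.getInstance(KEYSTORE).apply { load(null) }

// Returns a decrypt-ready cipher, or null when the key is gone or was invalidated.
// For design 1 the KeyPermanentlyInvalidatedException is exactly the case in this issue:
// the only recovery is to delete the entry and ask the user for a password they may not know.
fun initDecryptCipher(alias: String, iv: ByteArray): Cipher? {
    val key = keyStore().getKey(alias, null) as? SecretKey ?: return null
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    return try {
        cipher.init(Cipher.DECRYPT_MODE, key, GCMParameterSpec(128, iv))
        cipher
    } catch (e: KeyPermanentlyInvalidatedException) {
        keyStore().deleteEntry(alias)
        null
    }
}

private fun promptInfo() = BiometricPrompt.PromptInfo.Builder()
    .setTitle("Unlock repository")          // assumed text
    .setNegativeButtonText("Cancel")        // assumed text
    .setAllowedAuthenticators(BiometricManager.Authenticators.BIOMETRIC_STRONG)
    .build()

// Design 1 flow: the cipher is handed to the OS and only completes inside the callback.
fun decryptWithBoundKey(activity: FragmentActivity, iv: ByteArray, ct: ByteArray,
                        onDone: (ByteArray?) -> Unit) {
    val cipher = initDecryptCipher(BOUND_ALIAS, iv) ?: return onDone(null)
    val prompt = BiometricPrompt(activity, ContextCompat.getMainExecutor(activity),
        object : BiometricPrompt.AuthenticationCallback() {
            override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
                onDone(result.cryptoObject?.cipher?.doFinal(ct))
            }
            override fun onAuthenticationError(errorCode: Int, errString: CharSequence) = onDone(null)
        })
    prompt.authenticate(promptInfo(), BiometricPrompt.CryptoObject(cipher))
}

// Design 2 flow: plain biometric gate, then decrypt with the unbound hardware-backed key.
fun decryptWithSeparateGate(activity: FragmentActivity, iv: ByteArray, ct: ByteArray,
                            onDone: (ByteArray?) -> Unit) {
    val prompt = BiometricPrompt(activity, ContextCompat.getMainExecutor(activity),
        object : BiometricPrompt.AuthenticationCallback() {
            override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
                onDone(initDecryptCipher(PLAIN_ALIAS, iv)?.doFinal(ct))
            }
            override fun onAuthenticationError(errorCode: Int, errString: CharSequence) = onDone(null)
        })
    prompt.authenticate(promptInfo())
}
```

The trade-off a practitioner should weigh: in design 1 the Keystore refuses to release plaintext without a fresh biometric result, so the gate is enforced by the OS and hardware; in design 2 the secret is still hardware-backed and never leaves the keystore unencrypted, but the decision to use it is app logic that runs on the prompt's success callback, so a compromised app process could skip the prompt. Design 2 is what makes the stored password survive a re-enrolled finger; a per-device master password, as proposed in the issue, would be the fallback that also covers a lost repo password under either design.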