The wallet-app is protected by a login dialog. Depending on the device's features, the dialog is protected by biometrics or by another device unlock method. However, it always wrongly claims to be a biometric login, even on phones that do not support biometrics.
In class AuthFragment:
    val prompt = BiometricPrompt.PromptInfo.Builder()
        .setTitle(getString(R.string.biometric_dialog_title))
        .setSubtitle(getString(R.string.biometric_dialog_subtitle))
Possible Fix
The dialog always uses these hardcoded values:
Biometric login
Log in using your biometric credential
This security feature wrongly advertises itself and gives a false sense of security.
Impact
The wallet-app login suggests biometric-level security on non-biometric devices.
Recommendation:
• Change login screen text and design accordingly on non-biometric devices.
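One way to implement this recommendation, as an added example that is not taken from the wallet-app code base: query androidx.biometric's BiometricManager and show the biometric wording only when a biometric is confirmed usable. The helper name buildUnlockPrompt, the two device_credential_* string resources and the allowed-authenticator set are assumptions; the page does not show which authenticators the app allows.

```kotlin
import android.content.Context
import androidx.biometric.BiometricManager
import androidx.biometric.BiometricManager.Authenticators.BIOMETRIC_WEAK
import androidx.biometric.BiometricManager.Authenticators.DEVICE_CREDENTIAL
import androidx.biometric.BiometricPrompt

// Hypothetical helper (not from the wallet-app): builds the prompt with
// wording that matches what the device can actually offer.
fun buildUnlockPrompt(context: Context): BiometricPrompt.PromptInfo {
    val manager = BiometricManager.from(context)

    // BIOMETRIC_SUCCESS means biometric hardware is present AND a biometric is
    // enrolled. Every other result (no hardware, none enrolled, hardware
    // unavailable, status unknown) is treated as "not biometric", so the
    // dialog never over-claims.
    val biometricUsable =
        manager.canAuthenticate(BIOMETRIC_WEAK) == BiometricManager.BIOMETRIC_SUCCESS

    val (titleRes, subtitleRes) = if (biometricUsable) {
        // Existing resources quoted in the finding.
        R.string.biometric_dialog_title to R.string.biometric_dialog_subtitle
    } else {
        // Assumed new resources with neutral wording, for example
        // "Unlock wallet" / "Use your screen lock (PIN, pattern or password)".
        R.string.device_credential_dialog_title to
            R.string.device_credential_dialog_subtitle
    }

    return BiometricPrompt.PromptInfo.Builder()
        .setTitle(context.getString(titleRes))
        .setSubtitle(context.getString(subtitleRes))
        // Assumed authenticator set: biometric with screen-lock fallback.
        // A negative button must not be set when DEVICE_CREDENTIAL is allowed.
        .setAllowedAuthenticators(BIOMETRIC_WEAK or DEVICE_CREDENTIAL)
        .build()
}
```

The check should run each time the dialog is shown rather than once at install, because the user can enroll or remove biometrics at any time.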