mjwheatley / cordova-plugin-android-fingerprint-auth

A cordova plugin for fingerprint authentication using the hardware fingerprint scanner on devices running Android 6+
Apache License 2.0

setUserAuthenticationRequired(false) #100

Closed dschnelzer closed 6 years ago

dschnelzer commented 6 years ago

https://github.com/mjwheatley/cordova-plugin-android-fingerprint-auth/blob/d05fd5b6dedfcd6807ebaac4351a20afbe3eb7a9/src/android/FingerprintAuth.java#L551

It looks like .setUserAuthenticationRequired(false) was changed from true to false. Can you share why that was done?

mjwheatley commented 6 years ago

See changelog for version 1.4.0. It was to allow decryption with backup authentication by default.

dschnelzer commented 6 years ago

Thanks for the quick reply. We just saw issues 85 and 88 and the release notes for 1.4.0. We are looking through those threads now. Our concern is potentially exposing our encrypted data in the keystore without requiring fingerprint authentication. We don't plan to support the backup option. We think that we will be more secure if we initialize the keystore with setUserAuthenticationRequired set to true. Can you see any problem with us using setUserAuthenticationRequired(true) if we don't support the backup options?

mjwheatley commented 6 years ago

No, that would be the preferred configuration for fingerprint only authentication.

dschnelzer commented 6 years ago

Just saw that you took out the plugin param userAuthRequired in version 1.4.0. What do you think of putting it back in and just defaulting to false so that those of us that would like to override to true could do so? Thanks again for the quick responses.

mjwheatley commented 6 years ago

Yeah, I can make that happen for you. I'll try and get something published tomorrow.

dschnelzer commented 6 years ago

Thanks, that's awesome.

mjwheatley commented 6 years ago

Published v1.4.2

dschnelzer commented 6 years ago

Thanks very much, we just pulled that into our development!
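
The fingerprint-only configuration discussed in this thread, as an added example that is not the plugin's own code: an Android Keystore AES key whose use is gated by setUserAuthenticationRequired, driven by a boolean like the userAuthRequired param mentioned above. The class name, method names and the AES/CBC/PKCS7 choice are assumptions made for illustration.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.KeyProperties;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// Hypothetical helper for illustration; not the plugin's FingerprintAuth.java.
public final class FingerprintKeyHelper {
    private static final String KEYSTORE = "AndroidKeyStore";
    private static final String TRANSFORMATION = "AES/CBC/PKCS7Padding"; // assumed cipher

    // userAuthRequired = true: the keystore refuses to run the key until the user
    // has authenticated. userAuthRequired = false: any code path in the app can
    // encrypt or decrypt with the key without a fingerprint prompt.
    public static SecretKey createKey(String alias, boolean userAuthRequired)
            throws GeneralSecurityException {
        KeyGenerator generator =
                KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, KEYSTORE);
        generator.init(new KeyGenParameterSpec.Builder(alias,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
                .setUserAuthenticationRequired(userAuthRequired)
                .build());
        return generator.generateKey();
    }

    // Returns a Cipher to wrap in FingerprintManager.CryptoObject, or null when
    // the key was invalidated and the caller must create a new one.
    public static Cipher initEncryptCipher(String alias) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE);
        keyStore.load(null);
        SecretKey key = (SecretKey) keyStore.getKey(alias, null);
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        try {
            cipher.init(Cipher.ENCRYPT_MODE, key);
            return cipher;
        } catch (KeyPermanentlyInvalidatedException e) {
            // Auth-bound keys become unusable when the enrolled fingerprints or
            // the lock screen change; drop the stale entry.
            keyStore.deleteEntry(alias);
            return null;
        }
    }
}
```

With userAuthRequired set to true, the Cipher returned here only completes doFinal after the fingerprint prompt has authorized the CryptoObject that wraps it; with false, doFinal succeeds without any prompt.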