moneymanagerex / android-money-manager-ex

Manage your finances on-the-go, encrypted for security, sync via your own cloud
http://android.moneymanagerex.org/
GNU General Public License v3.0
451 stars 183 forks

Problem with biometric security / pin protection #1691

Open smjohns opened 1 month ago

smjohns commented 1 month ago

Describe the bug

I've noticed a problem with biometric/pin protection in that if you set a pin manually, whilst you can unlock the app with your fingerprint, if you try to edit or deactivate the pin using the biometric it confirms PIN does not match.

When activating pin, the app lets you set this up just using biometric but after this you can only deactivate using biometric... It's very strange and not sure it's working correctly.

To Reproduce

1) Launch money and go to settings and security.
2) When you click Activate Passcode the app displays the biometric symbol.
3) If you cancel this and enter a manual code such as 12345 then hit cancel again and re-enter 12345 this is accepted.
4) Relaunch app; the biometric symbol appears and it allows you into the app.
5) Return to settings and Security and then try to edit/deactivate security. Again the phone offers biometric but if you use this the app says "passcode do not match".
6) If you try both again but this time cancel biometric and enter 12345 then this is accepted.

It's similar in reverse, in that if you use biometric to set a passcode, there is no way to deactivate or edit this without biometric.

Is this correct behaviour? Seems a bit weird?

Expected behavior

Not sure. I would expect you to be forced to set a passcode when activating and the app not offering biometric at that point. Then to edit or deactivate the passcode I'd expect the so to accept either the passcode or biometric?

Screenshots

Will attach in next post

Device Information:

Additional context

Seems to be a disconnect between passcode and biometric?

smjohns commented 1 month ago

[Screenshots: two images attached]