muun / apollo

Muun Android wallet
https://muun.com
MIT License

Bigger buttons for the PIN code and biometric authentication #45

Open vincentMuzas opened 3 years ago

vincentMuzas commented 3 years ago

I found it kinda hard to hit the correct buttons on the screen when typing the PIN code to unlock the wallet; also, adding biometric authentication could be a nice addition sooner rather than later.

Keep up the good work!

Phone I'm using: OnePlus 6T with OxygenOS 10.3.12

acrespo commented 3 years ago

Sorry for the late reply and thanks for the suggestion! We will definitely add this at some point in the future, but haven't prioritized it yet. There are some intricacies due to a limitation of the Android Biometrics API, which doesn't allow us to properly distinguish and handle fingerprint ID from face ID (https://issuetracker.google.com/issues/111315641).

I’ll let the team know about your request so that we take into account your +1.

Just so we can understand the use case better, what biometric method do/would you use? Fingerprint? Face ID? If both, any preference?

asafyish commented 3 years ago

Even if Face ID is less secure than fingerprint, I think they are both much more secure than a 4-digit PIN, overall increasing security.

vincentMuzas commented 3 years ago

I'm personally in the fingerprint-only camp.

asafyish commented 3 years ago

Also, I think there should be an option to completely disable passcode/fingerprint/face ID. I, for example, have fingerprint unlock for my phone, and when the phone is unlocked, it means I just unlocked it.

xmready commented 2 years ago

I also would love to see fingerprint support and it should be prioritized over face recognition, especially since some newer phones are reverting back to fingerprints over facial unlocking due to facemask coverings.

A 4-digit PIN isn't very secure and is a pain. Thanks.

petjal commented 2 years ago

PINs can be seen by cameras, and cameras are everywhere these days; high-profile folks, who are frequently followed by photographers, should not use PINs in public (source: https://www.inteltechniques.com/podcast.html)

petjal commented 2 years ago

Samourai Wallet scrambles its PIN entry keypad; annoying sometimes, but a good idea 😄

petjal commented 2 years ago

extra points to require fingerprint upon using private info, like sending bitcoin

(I don't think muun ever displays private info, but if so, that could be put behind a fingerprint tap, as well)

gosuto-inzasheru commented 2 years ago

I find it is quite common for Android apps to offer replacing PIN unlock with biometric unlock. I don't have an opinion on Face ID (I don't use it), but being able to unlock the app using a fingerprint instead of a PIN would be great!

Also, I get that this is a different discussion, but only four digits is maybe a bit limiting?

Petr-Mi commented 1 year ago

Another year passed and no biometric fingerprint recognition :-(

gosuto-inzasheru commented 1 year ago

f

xmready commented 1 year ago

@acrespo give the people what they want

slightlyfaulty commented 1 year ago

> There are some intricacies due to a limitation of the Android Biometrics API, which doesn't allow us to properly distinguish and handle fingerprint ID from face ID (https://issuetracker.google.com/issues/111315641).

Why exactly do you need to distinguish between FingerprintID and FaceID? Not knowing what type of biometric authentication is used is a security feature by design. From the Android spec:

> [C-2-6] MUST NOT enable third-party applications to distinguish between individual biometric enrollments.

I'm sure we can all agree that any kind of biometric authentication is better than a PIN code. So just let Android handle what type of biometric authentication is being used, and all Muun needs to worry about is if it passes or fails.

This is an important security feature that's been asked for over and over for a long time. Surely it deserves a fresh look, or at least some clarification on the way forward.

acrespo commented 1 year ago

Hi guys!

Thank you all for taking the time to share your feedback with us. We appreciate it and we pay attention to it.

Regarding this specific topic:

> Why exactly do you need to distinguish between FingerprintID and FaceID? Not knowing what type of biometric authentication is used is a security feature by design. From the Android spec:
>
> [C-2-6] MUST NOT enable third-party applications to distinguish between individual biometric enrollments.

I'm not sure the docs say what you mean. I think it means that third-party apps shouldn't be able to distinguish which finger (e.g. index finger vs. middle finger) you are using for fingerprint auth. We totally agree with that statement. But it would be nice to distinguish between the type of auth (fingerprint or Face ID) to better design the UX/UI.

We're a small team with very limited time, and the implementation we'd like to do (and have already analyzed) will take time. For the moment, we have prioritized other features and improving the overall reliability of the app.

We’re aware this has become an increasingly painful experience and we understand this feature is very important for you and other Android users; it's important for us as well. We’re sorry for the inconvenience.

slightlyfaulty commented 1 year ago

Thanks for the reply @acrespo, but I'm pretty sure it doesn't have anything to do with distinguishing which finger is being used. If you take a quick look at the docs you'll see they're referring to enrollment of the different types of bio-authentication, i.e. fingerprint, face, iris.

https://source.android.com/docs/compatibility/10/android-10-cdd#7_3_10_biometric_sensors

Furthermore, the implementation uses a BiometricPrompt class which handles the UI entirely. I'm not sure why you'd want to circumvent this and build your own custom UI when the work has already been done by the operating system.
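As an added illustration of the BiometricPrompt flow the last two comments refer to (example code written for this page, not Muun's own implementation, and not a description of how the wallet works), the Kotlin below lets the OS pick and render whatever strong biometric is enrolled and only tells the app whether authentication passed. It goes one step beyond a pass/fail callback: the unlock secret is sealed under an Android Keystore AES-GCM key flagged `setUserAuthenticationRequired(true)`, and the `Cipher` is passed through `BiometricPrompt.CryptoObject`, so the Keystore itself refuses to decrypt until the biometric check succeeds. The key alias, the `unlockWithBiometric` function and its `iv`/`ciphertext` parameters are assumptions made for the example; the APIs used are `androidx.biometric`, `androidx.core` and the platform Keystore classes.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyPermanentlyInvalidatedException
import android.security.keystore.KeyProperties
import androidx.biometric.BiometricManager
import androidx.biometric.BiometricManager.Authenticators.BIOMETRIC_STRONG
import androidx.biometric.BiometricPrompt
import androidx.core.content.ContextCompat
import androidx.fragment.app.FragmentActivity
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

// Hypothetical alias chosen for this example; not an identifier from the Muun code base.
private const val KEY_ALIAS = "example_wallet_unlock_key"
private const val KEYSTORE = "AndroidKeyStore"

/** Create (once) an AES-GCM key that the Keystore will only operate after a strong biometric. */
fun getOrCreateUnlockKey(): SecretKey {
    val ks = KeyStore.getInstance(KEYSTORE).apply { load(null) }
    (ks.getKey(KEY_ALIAS, null) as? SecretKey)?.let { return it }
    val spec = KeyGenParameterSpec.Builder(
        KEY_ALIAS, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    )
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        // No validity window: every use of the key needs a fresh user authentication,
        // so the only way to decrypt is through BiometricPrompt's CryptoObject.
        .setUserAuthenticationRequired(true)
        // Enrolling a new fingerprint/face permanently invalidates this key.
        .setInvalidatedByBiometricEnrollment(true)
        .build()
    return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, KEYSTORE)
        .apply { init(spec) }
        .generateKey()
}

/**
 * Decrypt [ciphertext] (sealed earlier with the same key and [iv]) only after the user
 * passes whichever strong biometric the OS has enrolled. The app never learns the
 * modality; it receives either an authorized Cipher or an error code.
 */
fun unlockWithBiometric(
    activity: FragmentActivity,
    iv: ByteArray,
    ciphertext: ByteArray,
    onPlaintext: (ByteArray) -> Unit,
    onFailure: (String) -> Unit,
) {
    val manager = BiometricManager.from(activity)
    if (manager.canAuthenticate(BIOMETRIC_STRONG) != BiometricManager.BIOMETRIC_SUCCESS) {
        onFailure("No strong biometric available; fall back to the PIN path")
        return
    }

    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    try {
        cipher.init(Cipher.DECRYPT_MODE, getOrCreateUnlockKey(), GCMParameterSpec(128, iv))
    } catch (e: KeyPermanentlyInvalidatedException) {
        // Biometric enrollment changed since the key was created: the sealed secret is
        // unrecoverable with this key, so require the PIN/recovery path to re-seal it.
        onFailure("Key invalidated by enrollment change; re-authenticate with PIN")
        return
    }

    val callback = object : BiometricPrompt.AuthenticationCallback() {
        override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
            // Only the Cipher handed back by the system is authorized to finish the
            // Keystore operation; a bare "success" boolean would carry no such guarantee.
            val authorized = result.cryptoObject?.cipher
                ?: return onFailure("No CryptoObject returned with the result")
            try {
                onPlaintext(authorized.doFinal(ciphertext))
            } catch (e: Exception) {
                // e.g. AEADBadTagException: tampered ciphertext or wrong key.
                onFailure("Decryption failed: ${e.javaClass.simpleName}")
            }
        }

        override fun onAuthenticationError(errorCode: Int, errString: CharSequence) {
            // Covers user cancel, lockout after repeated failures, hardware unavailable.
            onFailure("Biometric error $errorCode: $errString")
        }

        override fun onAuthenticationFailed() {
            // Biometric not recognized on this attempt; the system prompt stays up and retries.
        }
    }

    val promptInfo = BiometricPrompt.PromptInfo.Builder()
        .setTitle("Unlock wallet")
        .setSubtitle("Confirm it's you to open the wallet")
        .setAllowedAuthenticators(BIOMETRIC_STRONG)
        // A negative button is mandatory when DEVICE_CREDENTIAL is not allowed.
        .setNegativeButtonText("Use PIN")
        .build()

    BiometricPrompt(activity, ContextCompat.getMainExecutor(activity), callback)
        .authenticate(promptInfo, BiometricPrompt.CryptoObject(cipher))
}
```

Two design points are worth noting. `BIOMETRIC_STRONG` restricts the prompt to Class 3 sensors, which is what the Keystore's `setUserAuthenticationRequired` binding requires; the app still cannot tell fingerprint from face, consistent with the CDD clause quoted above. And because the plaintext only appears via the system-authorized `Cipher`, an attacker who can patch the app's success callback at runtime gains nothing unless they can also pass the biometric check, which is the property a PIN-replacement feature in a wallet should preserve.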