omadahealth / LolliPin

A Material design Android pincode library. Supports Fingerprint.
MIT License

Number of passcode attempts is not persisted, allowing easier brute-force attacks #178

Open mgod opened 6 years ago

mgod commented 6 years ago

At the moment, in the `AppLockActivity`, `mAttempts` does not get saved if the activity is killed. This means if you're trying to limit the number of passcode attempts in `onPinFailure` to some small number n, an attacker can bypass this by trying n-1 pin codes, then killing the app and trying n-1 more passcodes.

This should be pretty easy to work around by managing my own count of pin attempts that is persisted, but it seems like this should be built into the library. I'm happy to open a PR for this if it makes sense.
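A persisted attempt counter of the kind the comment describes as a workaround, as an added example that is not LolliPin's own code: it keeps the failed count in `SharedPreferences` and writes it with `commit()` so that killing the process right after a failure cannot discard the increment. The class and preference key names are hypothetical; `onPinSuccess` as the reset hook and the application `Context` being available in the activity are assumptions.

```java
import android.content.Context;
import android.content.SharedPreferences;

/**
 * Hypothetical helper: survives process death, unlike an in-memory mAttempts field.
 * Wire recordFailure() into onPinFailure() and reset() into onPinSuccess().
 */
public final class PersistedAttemptCounter {
    private static final String PREFS = "pin_attempts";          // hypothetical file name
    private static final String KEY_FAILED = "failed_attempts";  // hypothetical key
    private static final String KEY_LOCKED_UNTIL = "locked_until_ms";

    private final SharedPreferences prefs;
    private final int maxAttempts;
    private final long lockoutMs;

    public PersistedAttemptCounter(Context ctx, int maxAttempts, long lockoutMs) {
        this.prefs = ctx.getApplicationContext()
                        .getSharedPreferences(PREFS, Context.MODE_PRIVATE);
        this.maxAttempts = maxAttempts;
        this.lockoutMs = lockoutMs;
    }

    /** True while a lockout is in force; the timestamp is read from disk, so it survives a kill. */
    public boolean isLockedOut() {
        return System.currentTimeMillis() < prefs.getLong(KEY_LOCKED_UNTIL, 0L);
    }

    /**
     * Call from onPinFailure(). commit() is synchronous, so the increment is on disk before
     * this method returns; a kill after the failure no longer resets the count.
     * Returns the new failed count.
     */
    public int recordFailure() {
        int failed = prefs.getInt(KEY_FAILED, 0) + 1;
        SharedPreferences.Editor editor = prefs.edit().putInt(KEY_FAILED, failed);
        if (failed >= maxAttempts) {
            // Wall-clock time can be changed by the user; an escalating lockout or a wipe
            // policy is the stricter option if that matters for your threat model.
            editor.putLong(KEY_LOCKED_UNTIL, System.currentTimeMillis() + lockoutMs);
            editor.putInt(KEY_FAILED, 0);
        }
        editor.commit();
        return failed;
    }

    /** Call from onPinSuccess() to clear both the count and any lockout. */
    public void reset() {
        prefs.edit().remove(KEY_FAILED).remove(KEY_LOCKED_UNTIL).commit();
    }
}
```

Check `isLockedOut()` before showing the PIN pad at all, not only inside `onPinFailure`, so a restarted activity is refused while the lockout is in force.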