owncloud / android

:phone: The ownCloud Android App
GNU General Public License v2.0
3.83k stars 3.05k forks

[TECHNICAL] Improve biometrical authentication security #4180

Closed manuelplazaspalacio closed 9 months ago

manuelplazaspalacio commented 1 year ago

Improve the biometrical authentication to solve possible security problems. Improve the management of the onAuthenticationSucceeded result to prevent possible security leaks. More info here: https://sec-consult.com/blog/detail/bypassing-android-biometric-authentication/

Manage the CryptoObject

Manage the CryptoObject obtained inside the result of the onAuthenticationSucceeded. You can find more info here:

https://medium.com/androiddevelopers/using-biometricprompt-with-cryptoobject-how-and-why-aace500ccdb7

https://developer.android.com/training/sign-in/biometric-auth#crypto

TASKS

michaelstingl commented 11 months ago

Worst case, maybe 4.2.1… 🤞