Closed WSLUser closed 6 years ago
I don't think it's feasible to encrypt backups with biometrics. They wouldn't survive a factory reset or work on a different device.
True but in that case, you could use the original passphrase you created. Another option would be to 1.) Reinstall Signal. 2.)Re-establish biometric data from IRIS (or other alternative if another is ever implemented such as fingerprints) 3.) Start import signal backup 4.) Recieve authentication request normally requesting passphrase, it asks for your biometric data instead 5.) Signal checks the biometric data stored for backup and validates against biometric data set up in the Signal app (you already re-did the steps to use biometrics). 6.) Restore process occurs (assuming the validation was successful) 7.) User validates all data is available and is readable
Biometric data should not be accessible from userland, not even accessible by the kernel. It is supposed to be stored in the TEE, thus it is not accessible by any app. Signal cannot retrieve it to compare it. And if you do a factory reset, it's gone forever.
The TEE is within the kernel and is covered by an SELinux policy. Someone clever enough could hack that and gain access. I'm sure somebody has done it but does anyone here have knowledge to get at it? That I don't know.
@moxie0 Are you sure this is the issue you intended to mark as "fixed"above ...?
GitHub Issue Cleanup: See #7598 for more information.
I have:
Bug description
Describe here the issue that you are experiencing.
I would like to request to ability for users to use their IRIS scanner of choice to lock and unlock the app and backups as an alternative to passphrase. This can be accomplished by using the camera. Samsung has adopted this for unlocking their phones starting with the Galaxy S8
Related ask: #6031
Device info
Device: Samsung Galaxy S7 Android version: 7.0.0 Signal version: 4.16.9