Biometric Startup Lock failed on App Launch

[Slummi]

In 1.42.0 for iOS there is a new bug. After starting the app I always get an error that Face ID unlock has failed or was cancelled and the blue Strongbox screen occurs. After cancelling the master password prompt and opening the database again Face ID works until the next app launch.

[JLWFuQrioea69ugsykvQcg]

FWIW...no issues here authenticating when opening the app or databases on any other of my devices using Face ID or Touch ID running IOS 13.1 beta 3.

[mmcguill]

There was a change made in the order of events sent to Apps at startup in iOS 13. I put in a patch for this, but I believe this broke the older behaviour on iOS 12. @Slummi I assume you're running iOS 12?

[Slummi]

Yes, I‘m still on iOS 12.4.1. I think I will update to iOS 13 at the weekend. But if you want to provide a patch for iOS 12 I can wait with the update and test it again.

[mmcguill]

That's ok, I'm hoping I can tackle this with a simulator. Cheers @Slummi

[Slummi]

Just fyi. Made the update to Strongbox 1.42.0 on another device with iOS 12, today. There‘s the same issue with Touch ID, now.

[mmcguill]

Hi @Slummi - I'm actually having trouble reproducing this on the simulator. Can you help me clear up a couple of things.

Do you mean the App Lock or do you mean the Database lock? It's not clear from your statement above which one you mean, as you mention both. So could you tell me if you are using:

1) App Lock 2) Database Lock 3) Quick Launch on one of your databases 4) Is the error message always the same? Do you have a screen shot or recording you could share?

Thanks! -Mark

[Slummi]

Hi @mmcguill sorry for expressing myself not clearly. I hope the attached video will make things clearer. I mean the Database lock, but maybe there's a relation to App Lock, which I'm not using. It's disabled in the app settings.

1. I'm not using App Lock (it's disabled)
2. I'm using Database Lock with 1 minute delay
3. I'm using Quick Launch and this causes the issue during app startup. If I disable Qucik Launch there's no issue.
4. Yes, the error message is always the same. It says that Database Unlock has failed or was cancelled and that I have to enter the master key manually. This happens every time when I start the app after a longer time or after killing it. If the app is just in the background this doesn't happen. When I cancel the prompt, where I have to enter the master key and open the database again, Database Unlock via Face ID works fine.

RPReplay_Final1568863999.zip

[Ben-Voris]

I’m seeing something similar with touchid on a 6S+ But for me, if I cancel and try again it accepts touch ID.

Updated with image of error:

[mmcguill]

Thanks for the extra detail. It's a strange one, I haven't quite got to the bottom of why this is happening because the change I made shouldn't affect the Database Lock, but I've reverted that change and a new build is on the way... we'll see how that plays out.

[Slummi]

Today I updated one of my devices to iOS 13 and the issue doesn't occur. Will wait for the new Strongbox version and test it in combination with iOS 12 again.

[Slummi]

Strange... The bug is now back on the iOS 13 device. I don‘t know why. The only things I’ve done are restarting the device and changing the apps language.

[mmcguill]

Hi @Slummi - Could you download the latest version (1.42.1) from the App Store and let me know how that works out?

[Slummi]

Hi @mmcguill - looks good! I tested 1.42.1 on iOS 12 and 13 and there‘s no issue with Database unlock via Touch ID / Face ID.

[Slummi]

I think there‘s still a little problem with Quick Launch in 1.42.1. Sometimes the Quick launch database is not opened after app startup. In that case there’s no attempt to open the database and no error message. You stay at the database list until opening a database manually.

[mmcguill]

Thanks @Slummi - Yes this is the issue I was trying to fix in the original patch which ended up breaking things...

[mmcguill]

@Slummi Do you have any more information on this, when it happens, how often you're seeing it?

[Slummi]

Unfortunately I can‘t see any pattern up to now, when or why this happens? The only thing I can say is that I‘ve seen it only if Strongbox has been in the background for a longer time or when Strongbox has been newly started. But it doesn‘t happen very often. Even if I kill the app and start it again it‘s mostly ok. But sometimes it opens with the database list without opening the Quick launch database. I will monitor this issue. If I see any pattern or I‘m able to reproduce it, I‘ll inform you.

[mmcguill]

Ok thanks @Slummi - Please do let me know if you notice any kind of pattern or way of reproducing

[mrybx]

Hi, I think I have found a pattern for this bug. I faced it at ipad 6 and iphone XS (both with ios 13.1.2) and Strongbox 1.43.3. Bug appeared when following setting was set for Application lock:

When I changed to following one application works perfect:

[mmcguill]

Ok thanks @mrybx, it looks like you switched on App Lock from your screenshots. As long as it is working for you that's good.

@Slummi have you seen this occur recently at all?

[Slummi]

No, I haven‘t seen this recently. But I don’t know why. Maybe due to changes in the latest Strongbox versions or iOS 13.x.

[mmcguill]

Thanks @Slummi - Going to leave open as there are a few Face ID reported problems apart from the Apple Touch ID bug

[Slummi]

Ok, I checked this one on another device (iPhone 7 with iOS 13.1.2 and Strongbox 1.43.3) again and the issue is still there. Sometimes unlocking with Toch ID works, sometimes it doesn't.

The database was successfully opened after the video ended.

RPReplay_Final.zip

[Dan-McG]

I have the problem described here. Opening the app from cold, FaceID fails. Closing and opening db it then works, without having to enter db password. Once left open in background after an unlock, FaceID then works. Seems to be since iOS13.

Ios13.1.2 IphoneX v1.43.3

[Slummi]

In Strongbox 1.44.0 the Touch ID error message is a little bit different than before:

[mmcguill]

Yes, I just wanted to expose the system error message.

Basically what's happening here is that when you first tap on the database to unlock a Touch ID dialog is presented but it's completely invisible. This is an iOS bug.

Even more weirdly, you can make the Touch ID dialog magically appear at this point by shaking the phone.

If you do not do this, and instead tap again on your database, Strongbox tries to present another Touch ID dialog because it thinks it's just a standard open.

This looks to be a pretty terrible bug on Apple's side and there isn't much information anywhere about it.

I've heard that iOS 13.1.3 improves things - Are you running that version @Slummi?

[Slummi]

I can't see any improvements. I'm running 13.1.3 and the behavior is the same as before. But it's still dependent on the device. With iPhone X and Face ID there are no issues since iOS 13.

[georgesnow]

Apparently if you rotate the phone to landscape mode the Touch ID window also appears. Technically if after the first time you tap it and then put your finger to authenticate using Touch ID even though it’s invisible. It will work.

[mmcguill]

Yes, quite bizarre, I've put in a message now in the 1.44.1 coming soon to ask the user to shake the device :/

[Slummi]

I can't comprehend this shaking tip...

Here's what happens on my iPhone 7 with iOS 13.1.3:

1. scenario: Strongbox is closed (not in the background) When I start the app the first Touch ID screen appears and becomes directly (before putting my finger on the sensor) overlaid by the error message from the screenshot above which then becomes directly overlaid by a second Touch ID prompt. Now I have different options: When I put my finger on the Touch ID sensor the "Decypting..." message pops up and then I can see the "Touch ID failed" message again with the database list in the background. But this ist the message which has been overlaid before (not a new one). If I press OK in this message, I'm prompted to enter my database password. I can do this or cancel the dialogue and open the database once again with Touch ID. Both ways will unlock the database. If I don't press OK in the error message and rotate to landscape mode instead, the message disappears and I'm in the unlocked database (no further Touch ID operation or password entry necessary). But only rotating the device works, not shaking.

2. scenario: Strongbox is in the background: Everything works fine. No issue with Touch ID.

Crazy...

[Dan-McG]

iPhone XS Problem does not go away with 13.1.3. No problems with FaceID in any other 3rd party app.

To be clear, here's what happens in the startup sequence: Opening the app immediately presents the list of databases Then a dialog on top saying FaceID failed. Then it switches to the blue splash screen with the Strongbox logo. Then there's the apple FaceID process which concludes with a tick Then it switches back to the database list with the pre-existing FaceID failed dialog. Then there's a sequence of dialogs on top saying 'Reading' then 'Decrypting' Once they've disappeared I'm back at the database list with the FaceID failed that seems to have been the base layer since the very instant I opened the app. Cancelling the FaceID failed dialog and cancelling the subsequent enter password screen, I can get into the database by tapping and going through the FaceID process as normal.

[Slummi]

Hey @mmcguill ,

with 1.44.1 you did it. No Touch ID issue anymore. After the update I had to reselect my key file and reactivate Touch ID. Now it's working.

[mmcguill]

That's great news @Slummi - It was basically an issue around adapting to iOS13, earlier versions did not notify about the App becoming Active before the main view loaded, and later versions did. It now seems to have stabilised so I had to revert the earlier adaptation which was causing a double activation.

Fingers crossed things stay this way for now :)

[Slummi]

Hi @mmcguill Today I got this error message (once) after updating my device to iOS 13.4.

Is that error message related to this issue? I tried shaking my device, but nothing happened. After tapping OK, everything is working normally.

[Slummi]

By the way, that message isn‘t available for translation. ;)

[mmcguill]

It's not related to this issue I believe but thanks for the heads up... Don't think we need to localize this message, hoping to get rid of it v shortly.