Bug in Privacy Shield View with Face ID

[dan-el]

Bug? Privacy Shield View circumvented.

How to reproduce?

1. Open Strongbox, open a database.
2. While performing Face ID unlock (during the unlocking animation) swipe up from the bottom to get to the app switcher.
3. The Strongbox app window in the app switcher view is not pixellated.

Tested on iPhone 12 Mini with iOS 15.0.2 and Strongbox 1.54.1 but has been there for some time now I think.

[strongbox-mark]

Sounds like a bug alright @dan-el - Will investigate...

[strongbox-mark]

HI @dan-el - Had a look at this. This is "sort of" by design. When a Biometrics request is initiated the App receives a "Resign Active" message. This is the same message as we receive when the App goes into the background for real.

To avoid blurring the App during a Biometric request we specifically check if we're doing a Biometric request. If so, no blur/privacy shield. Similarly, no App Lock occurs during a Biometric request.

Now, we could choose to Blur during a Biometrics request, which I don't think is a good UX.

We could also try to detect the Cancellation of the biometrics request and use that to determine that the privacy shield view should be shown. The problem is it may be too late to successfully show. It would also be quite a complicated and tricky little task to pull off.

So, I think only the second option is a viable fix, but the development cost is high and the risk for regressions is also high.

The current behaviour while less than ideal, is rare, and I believe not so severe (I don't want to say cosmetic but I think close). If this is a real concern rather than a niggle, the answer is to disable Biometric Unlock.

I'm happy to leave this open, it would be nice to fix, but as mentioned the cost/risk is very high and so I don't see this getting priority over other issues for quite a while.