App grayed out after QuickType with TouchID

[szapp]

I experiencing issues using QuickType with TouchID on iOS 16.7.1 (Strongbox 1.58.27). After using TouchID the underlying app remains unresponsive. This had worked fine in the past, but recently the issue arose for a specific app only (occasionally another app, too). I have recently received updates from both Strongbox and the app I experience the issue with.

Here some more details.
For one app that I use QuickType with, I tap the suggested credentials above the keyboard, use TouchID followed by haptic feedback and I am returned to the app. However, the app remains grayed out and unresponsive (indefinitely it seems), credentials not filled. Only when returning to the home screen and back into the - now no longer grayed out app - and repeating the QuickType a second time it works successfully.

When tapping on the key symbol next to the QuickType suggestion instead, to open the Strongbox UI and selecting the database entry manually, there is no problem. Likewise, there is no issue when using PIN unlock instead of TouchID or turning off convenience unlock altogether. Could the issue be related to TouchID? I was curious and tried with fake credentials in ProtonPass just for comparison. Probably implemented differently, but there QuickType with TouchID was no problem. I noticed, unlike Strongbox, there is no haptic feedback after TouchID, in case that matters.

A few other things I tried are rebooting the device, disabling and re-enabling AutoFill in the system settings, removing and re-adding the database, uninstalling and reinstalling the app in question, create a dummy database (very basic encryption) with one entry containing a (fake) username and password, both very short, and the service ID in a custom field. In all cases, the problem remains with the app I tried it with. I had done all the described tests only with one app, but I experience the issue in at least one other app, too.

Any clue what might be going on or a hint where I could fix the issue on my side? I am happy to provide any debug logs if that helps. Please let me know what to send.

[dan-el]

However, the app remains grayed out and unresponsive (indefinitely it seems), credentials not filled. Only when returning to the home screen and back into the - now no longer grayed out app - and repeating the QuickType a second time it works successfully.

I noticed this on my iPhone 12 Mini with Face ID as well. I didn't persue the issue any further nor did I do any testing. If you need any testing done let me know - I'd be happy to help squash this one!

[strongbox-mark]

Hi @szapp @dan-el - Yes please could do with some help/detail here. Could you see if this still happens with a brand new local database? Just create a new one, enable AutoFill and see if this still occurs for you in the same fashion as with your original databases.

Also, any particular site you'd recommend I test on?

Also, could do with knowing the file size of your databases and the Argon2 memory/iterations if using Argon2 KDF.

Also, iOS version @dan-el

Thanks!

[dan-el]

Until I have time to test this (or until the bug happens again) here is my current setup:

DB size: 6,2 MB KDF: Argon2d, 758 iterations, 1MB memory iOS version: 17.0.3 (the bug already happened with iOS 16 iirc) iPhone Model: 12 Mini, Face ID

I cannot recommend a specific site for you to test at this point. I has occured several times across different pages. But only occasionally. Autotyoe works fine for me on iOS almost all of the time.

[szapp]

Thanks for the reply. I got around to testing a bit more. For clarity, I outlined the exact steps I took.

1. Open Strongbox and disable AutoFill from all existing databases.
2. Close down Strongbox completely.
3. Disable AutoFill in the iOS settings completely.
4. Open the app in question to confirm AutoFill cache is cleared and disabled.
5. Open Strongbox and add a new local database, leaving everything as defaults, just setting a simple password "abcdef".
6. Enabling AutoFill in the iOS settings and setting it to Strongbox.
7. Open the new Strongbox database and confirm the prompt for enabling AutoFill/TouchID for the database.
8. Leave all example database entries untouched and create a new entry, only setting the URL to match the service ID of the app. Note My auto suggested password is quite long (42 characters).
9. Open the app and try - same result.

Instead of a specific app, I tried to find a website for better reproducibility on your end. I noticed it might really be app-related:

I created a second entry in the local database, exemplary with fill.dev in the URL field - otherwise default values. On the fill.dev website, QuickType works in safari but fails when using the DuckDuckGo browser. For illustration I attached a video. In the end of the video, you see me trying to slide the webpage up and down until the gray overlay(?) disappears. The app remains unresponsive. https://github.com/strongbox-password-safe/Strongbox/assets/20203034/5a6f821f-379f-4380-8931-a9bd9a843bb1

I also noticed that in safari the QuickType is the blue button replacing the keyboard - whereas in DuckDuckGo it has the suggestion above the keyboard. I never understood when that happens. Is this just a safari thing?

The info of my actual database (from the original tests): DB size: 721 KB KDF: Argon2id, 32 iterations, 32 MB memory, parallelism 4 iOS version: 16.7.1 (I noticed there is a new update 16.7.2 - I can try that soon too) iPhone Model: 8

I updated Strongbox to 1.58.28 in the meantime before doing the tests here on the local database.

[strongbox-mark]

OK, great, thanks for all that detail... Definitely there appears to be issues in third party apps more so than Safari. Will try to investigate this shortly.

[dan-el]

I tried the steps outlined by @szapp and Autofill is working fine for me so far (tried Safari, DuckDuckGo, Firefox, Chrome, Brave)

Will post an update here once I encounter the issue again.

[strongbox-mark]

@szapp How is it currently looking with 16.7.2?

[szapp]

Unfortunately, I don't see a difference with 16.7.2

For me, it seems to be related to initially unlocking the database. When closing down an unresponsive app after QuickType "fails" and opening it again, a second attempt at QuickType works. I think, that's because the database is unlocked on the first try and the second attempt is within the convenience auto unlock timeout (as set in the AutoFill settings of the database).

[strongbox-mark]

Got it, ok, and I wonder, if you disable Face/Touch ID just to test if it's related, and you enter your master password manually, does that work?

[szapp]

Yes, that works without problem. It seems to me that as soon as the UI is involved (e.g. also taping on the key symbol next to the QuickType suggestion), AutoFill does not get stuck.

[strongbox-mark]

OK, yeah, you mean it's only when Face ID is requested that there is a problem?

You say tapping on the key symbol also breaks things or does NOT break things? Sorry it wasn't clear above.

Also, can I ask if you are using a Key File?

[szapp]

Yes, sorry. Only in the combination with TouchID and without UI, it gets stuck. That is,

• Disabling TouchID works
• Tapping the key symbol (to bring up the UI) works - even when using TouchID

I am using a key file additionally to a master password, yes. I only added the key file after the problem started appearing. I am willing to disable it and try without the key file. I will report back here.

[szapp]

Quick update: The key file does not seem to make a difference. Here my steps, to confirm I did not forget to reset/clear any cache.

1. Remove the key file using KeePassXC on my desktop, where I originally added it.
2. Sync the database back to my iPhone.
3. Remove the key file configuration from the database (key file remains imported to Strongbox).
4. Unlock the database using the master password only.
5. Disable and re-enable AutoFill in the iOS settings.

[strongbox-mark]

Thanks for trying :)

[strongbox-mark]

I've released an update (1.58.29) available on the App Store now, which I'm hoping will improve things, and I'd love some feedback. Could you guys update and let me know?

You might need to search on the App Store for Strongbox and click/tap into it to see the "Update" button, as it might not update automatically.

[szapp]

Yes, it looks like QuickType with TouchID works for me now! Thank you for the quick response and hard work.

From my side the issue seems resolved. I will try some more throughout the day and will check back in if I encounter any issues.

[JLWFuQrioea69ugsykvQcg]

I'm running the latest build and just experienced this issue. I've experienced it previously as well. I end up having to manually copy and paste the credentials. Using autofill results in the screen hanging and the only way to get it to respond is to go back to the Home Screen and then return to the app. My issues have been in Safari.

[strongbox-mark]

@JLWFuQrioea69ugsykvQcg How often is this happening for you, would you also be able to send your debug info and screen recording of the issue to support@strongboxsafe.com?

[JLWFuQrioea69ugsykvQcg]

It's very intermittent and infrequent, but it does happen. I'll take note when it happens again and then send the debug logs at that time.

[strongbox-mark]

Thanks, anything you notice could be helpful, is there a TOTP involved, etc

[strongbox-mark]

Hi @JLWFuQrioea69ugsykvQcg - Could you update to 1.58.35 and let me know if this fixes things for you?

[JLWFuQrioea69ugsykvQcg]

Thankfully I have not experienced any auto type or quick fill issues in the past few builds. I appreciate you putting the time and effort into to resolving these issues. Thank you!