Closed kober32 closed 4 years ago
After discussion with @petrdvorak, this should be false
by default and configurable in SDK for developers who want such a feature.
Just a quick comment from my side: The original intended behavior on Android 6 was keeping the key on adding a new biometry element. This was to avoid disabling biometry to the end-user who might not expect it. I do not have a strong option for either way, though. Let's make this option visible in the documentation and highlight it in release notes.
I'll implement that configuration as #260. Then I'll take a look at this particular problem, why the removed key is not detected in the SDK properly.
This issue is specific for our Samsung testing device (Galaxy A5 - SM-A520F
, Android 8.0). Normally, when the biometric enrollment is changed, our code fails at getting the key in BiometricAuthentication.prepareSecretKey(). This device has unfortunately a slightly different behavior. The key is provided as usual, then the user is able to authenticate via the legacy authentication dialog and then, finally, the failure happens in attempt to derive our cryptographic key, in FingerprintAuthenticator.protectKeyWithCipher().
We have to change our code to handle also this kind of situations. I guess that this failure may happen also in the new, BiometricPrompt
based code. We simply cannot trust the vendor's implementation here.
When user adds another finger for unlocking his phone, it invalidates the current keystore value and makes the biometry factor not working.
This is probably due to a policy specified in https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec.Builder.html#setInvalidatedByBiometricEnrollment(boolean)