wultra / powerauth-mobile-sdk

PowerAuth mobile SDK adds capability for authentication and transaction signing into the mobile apps (iOS, tvOS, watchOS, Android).
https://www.wultra.com/product/wultra-mobile-security-suite/
Apache License 2.0

Add method for local activation removal #37

Closed petrdvorak closed 7 years ago

petrdvorak commented 7 years ago

We currently force SDK users to use direct access to PA2Keychain when an activation should be removed:

https://github.com/lime-company/lime-security-powerauth-mobile-sdk/wiki/PowerAuth-SDK-for-iOS#simple-device-only-removal

This is not desired - we should create PowerAuthSDK.sharedInstance().removeActivationLocal() to remove the activation.

Also, we should add a call to this method in removeActivationWithAuthentication, so that local data is removed.

hvge commented 7 years ago

Looks like we have that local removal method available on iOS, but not on Android. There's clearActivationDataKeychain, and it does almost exactly what we want, but there's no Android equivalent.

Is there a reason why that clearActivationDataKeychain doesn't also remove the possession key? It makes no sense to me.

petrdvorak commented 7 years ago

Is there a reason why that clearActivationDataKeychain doesn't also remove the possession key? It makes no sense to me.

Yes. The single possession key is shared among all activation instances. The only reason we cache it in Keychain is that identifierForVendor is reset on iOS between updates when using an enterprise distribution certificate (during application testing). We have no "possession key related keychain" on Android for this very reason - the value returned by the OS remains unchanged on Android.
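The following Swift sketch is an added illustration of the two points in this thread, not code from the PowerAuth SDK: a local removal method (the proposed removeActivationLocal) that wipes an activation's own Keychain entries but leaves the shared possession key in place, and a removeActivationWithAuthentication that only wipes local data once the server-side removal succeeded. It also shows why the possession key is cached: on first use it is taken from the vendor identifier and stored, so a later identifierForVendor reset does not change it. Every name here (ActivationStore, InMemoryKeychain, KeychainKeys, the closure-based vendorIdentifier) is hypothetical, the in-memory keychain is a constructed stand-in for PA2Keychain, and the "derivation" of the possession key from the vendor identifier is deliberately simplified to raw UTF-8 bytes.

```swift
import Foundation

// Added illustration, not PowerAuth SDK code. All type and method names are hypothetical.

/// Minimal stand-in for the keychain operations the thread discusses.
protocol KeychainStore {
    func data(forKey key: String) -> Data?
    func set(_ value: Data, forKey key: String)
    func remove(forKey key: String)
}

/// Constructed in-memory keychain so the example runs without Security.framework.
final class InMemoryKeychain: KeychainStore {
    private var items: [String: Data] = [:]
    func data(forKey key: String) -> Data? { items[key] }
    func set(_ value: Data, forKey key: String) { items[key] = value }
    func remove(forKey key: String) { items.removeValue(forKey: key) }
    var keys: [String] { items.keys.sorted() }
}

enum KeychainKeys {
    static let possessionKey = "possessionKey"   // one key, shared by all activations
    static let activationPrefix = "activation."  // per-activation entries
}

final class ActivationStore {
    private let keychain: KeychainStore
    /// Stand-in for UIDevice.current.identifierForVendor. On iOS it can change between
    /// enterprise builds, which is the reason the possession key is cached in Keychain.
    private let vendorIdentifier: () -> String

    init(keychain: KeychainStore, vendorIdentifier: @escaping () -> String) {
        self.keychain = keychain
        self.vendorIdentifier = vendorIdentifier
    }

    /// Returns the possession key. On first use it is taken from the vendor identifier
    /// and cached; afterwards the cached value wins, so a vendor-id reset is harmless.
    /// (Simplified: raw UTF-8 bytes instead of a real key derivation.)
    func possessionKey() -> Data {
        if let cached = keychain.data(forKey: KeychainKeys.possessionKey) {
            return cached
        }
        let derived = Data(vendorIdentifier().utf8)
        keychain.set(derived, forKey: KeychainKeys.possessionKey)
        return derived
    }

    func storeActivation(id: String, data: Data) {
        keychain.set(data, forKey: KeychainKeys.activationPrefix + id)
    }

    func hasActivation(id: String) -> Bool {
        keychain.data(forKey: KeychainKeys.activationPrefix + id) != nil
    }

    /// Proposed local removal: drop the activation's own entries only.
    /// The possession key is shared, so it deliberately stays.
    func removeActivationLocal(id: String) {
        keychain.remove(forKey: KeychainKeys.activationPrefix + id)
    }

    /// Proposed shape of removeActivationWithAuthentication: the local copy is wiped
    /// only after the server confirms the removal, so a failed call leaves the
    /// activation usable for a retry.
    func removeActivationWithAuthentication(id: String,
                                            serverRemove: (String) -> Bool) -> Bool {
        guard serverRemove(id) else { return false }
        removeActivationLocal(id: id)
        return true
    }
}

// Demo with constructed values.
var vendorId = "vendor-A"
let keychain = InMemoryKeychain()
let store = ActivationStore(keychain: keychain, vendorIdentifier: { vendorId })

let firstKey = store.possessionKey()
store.storeActivation(id: "act1", data: Data("activation-blob".utf8))

vendorId = "vendor-B"                          // simulate an identifierForVendor reset
assert(store.possessionKey() == firstKey)      // cached key survives the reset

// A failed server call must not touch local data.
let failed = store.removeActivationWithAuthentication(id: "act1") { _ in false }
assert(!failed && store.hasActivation(id: "act1"))

// A successful server call removes the activation locally but keeps the possession key.
let removed = store.removeActivationWithAuthentication(id: "act1") { _ in true }
assert(removed && !store.hasActivation(id: "act1"))
assert(keychain.data(forKey: KeychainKeys.possessionKey) != nil)
print("keychain keys after local removal:", keychain.keys)
```

Run it with `swift` on the file. The Android side of the discussion needs no equivalent of the cached entry: because the OS-provided identifier does not change there, an Android implementation of the same store would simply derive the possession key on demand and never write it to storage.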