Improve lock screen implementation with extra security measures #6523
1695a69 to b18048f
I have some remarks about this.
About these:
If we wanted to both encode and decode using the
The problem here would be the migration for users who are already using biometric authentication: to create this encrypted credential we first need to have the user unlock a
I think it should be enough to enforce a non-null
65aebdc to dc03e46
I've been having issues all morning with the same emulator on API 31 I've been using so far where there is an extremely weird crash:
This is actually working fine on another API 30 emulator and 2 real devices with APIs 30 and 31, and I still haven't found what could be causing this weird behaviour, not even creating a new API 31 emulator fixed it. I did upgrade my emulator version from the SDK not long ago, so it might be a newly introduced bug in emulators in that API.
Just one more remark:
RSA with PKCS1Padding is used for Android 5 and 5.1. We can try to change the padding used to a better one, but Either that, or split the cryptography in 2 separate components, one for the rest of the app and another one specially for this. Also, we were already considering bumping minSdk to 23 (see #6067), and in that case we could just drop support for this RSA encryption after a migration to AES if I'm not mistaken.
Switching to
LGTM
665bcd0 to e122f12
e122f12 to 49edfa5
SonarCloud Quality Gate failed.
Type of change
Content
See #6522.
Motivation and context
We want to add additional security measures to the biometric authentication of the lock screen feature:
Cipher used is unlocked after authentication.
Cipher while the device is unlocked.
Tests
develop or any other branch, go to Settings -> Security -> Protect access, and create a PIN code and enable biometric authentication. This can be done on the emulator too, but you need to make sure you're on API >= 30).
Checklist