Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Wrong behaviour in Android 10 with disablebackup false #417

Open
andreszs opened this issue Apr 29, 2022 · 2 comments
Open

Wrong behaviour in Android 10 with disablebackup false #417

andreszs opened this issue Apr 29, 2022 · 2 comments
Labels

Comments

@andreszs
Copy link

Bug report

The .show method seems to be flawed in Android 10.

Behavior in Android 7/8/9

  • Dialog invoked with disablebackup=false shows fallback button to use PIN/PATTERN/ETC.
  • Pressing BACKBUTTON to cancel correctly dismisses the dialog.

image

Behavior in Android 10 (Samsung, Redmi)

  • Dialog invoked with disablebackup=false shows a CANCEL button instead of fallback button.
  • Pressing CANCEL shows a second dialog with the fallback button that should have been shown to begin with.

image

BiometricPrompt.PromptInfo.Builder notice

The setDeviceCredentialAllowed method shows this warning:

On versions prior to Android 10 (API 29), calls to BiometricPrompt.cancelAuthentication() will not work as expected after the user has chosen to authenticate with their device credential. This is because the library internally launches a separate activity (by calling KeyguardManager.createConfirmDeviceCredentialIntent(CharSequence, CharSequence)) that does not have a public API for cancellation.

The reality check shows the exact opposite, behaviour with setDeviceCredentialAllowed(true) does work as expected UNTIL Android 10 which duplicates the dialogs. And cancelling the pattern/pin dialog corrrectly returns a BIOMETRIC_DISMISSED failure callback.

Plugin demo app

To easily test this plugin, I've created and uploaded a small Fingerprint Plugin demo app. Kindly let me know if this behavior persists in your Android 10+ phones.

Environment

@andreszs andreszs added the bug label Apr 29, 2022
@onuh
Copy link

onuh commented May 22, 2022

I have this issue on Android 11

@andreszs
Copy link
Author

andreszs commented May 26, 2022

After inspecting the source, it seems the duplicated dialog is a plugin workaround to bypass an Android 10+ introduced bug reported years ago.

I've been working on a PR to replace the deprecated setDeviceCredentialAllowed method to API's 30 setAllowedAuthenticators only to find out that the latest stable Biometric API 1.1.0 still includes this bug. 🙄

This bug was partially fixed in androidx.biometric:biometric:1.2.0-alpha04:

Fixed an issue on API 29 where some devices (including emulators) would receive a cancellation error when falling back to PIN/pattern/password. Note that, for some devices on API 29, this may cause the user to be prompted for their screen lock even if a biometric is available and enrolled. (b/142740104)

This 1.2.0 alpha 04 fix was released 6 months ago and there is not even a release candidate version yet, not to mention a stable release. 😠

Now all depends on the androidx developers to release a stable version with this fix, however, they seem to prefer wasting time with Kotlin and adding more features than fixing issues reported 3 years ago. Yep, that's definitely the Google Android team.

Testing biometric API 1.2.0 alpha 04

Building the app with this unstable alpha API and with target SDK 30 triggers this error:

The minCompileSdk (31) specified in a
dependency's AAR metadata (META-INF/com/android/build/gradle/aar-metadata.properties)
is greater than this module's compileSdkVersion (android-30).
Dependency: androidx.biometric:biometric:1.2.0-alpha04.
AAR metadata file: C:\Users\Desarrollo.gradle\caches\transforms-3\8c68f6ea435579e4588be7c2dc68b613\transformed\biometric-1.2.0-alpha04\META-INF\com\android\build\gradle\aar-metadata.properties.

Which means the fix requires API 31 build tools. I'm not sure if Cordova 11 can be safely compiled against SDK 31, so that's the end of my research for now. I've wasted an entire day dealing with this bugged API for nothing.

Bugged androidx biometric API 1.1.0 (stable) behaviour

image

This issue does not affect Android 9 and earlier devices. They managed to introduce it somewhere in API level 29.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
2 participants