Security Issue: App remains unlocked after failed biometric authentication and backgrounding #11667
Labels
bug
It's a bug
Comments
|
This is a known issue unfortunately and the reason it's a beta feature on Android. It works perfectly well on some devices and is faulty on others, and so far we are not able to replicate the issue |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Operating system
Android
Joplin version
Joplin Mobile 3.2.7 (prod, android)
Desktop version info
Joplin Mobile 3.2.7 (prod, android)
Client ID: 6d2427a3c141471290718f5ab6a352e3
Sync Version: 3
Profile Version: 47
Keychain Supported: No
Revision: 2fba101 (dev)
Android API level: 34
WebView version: 131.0.6778.260
WebView package: com.google.android.webview
FTS enabled: 1
Hermes enabled: 1
Current behaviour
Description:
A security issue occurs in the Joplin Android app (version 3.2.7 and earlier) where the app remains in an unlocked state under specific conditions. Below are the steps to reproduce the issue:
Steps to Reproduce:
Expected Behavior:
The app should require biometric authentication again upon returning from the background.
Actual Behavior:
The app remains in an unlocked state, bypassing the intended security feature.
Let me know if further details or logs are required. Thank you for looking into this!
Expected behaviour
No response
Logs
No response
The text was updated successfully, but these errors were encountered: