Use system PIN prompt when possible on Android #6645
Conversation
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
| BiometricManager.Authenticators.DEVICE_CREDENTIAL | ||
|
|
||
| else -> | ||
| - null |
There was a problem hiding this comment.
This is a new part of the patch, in our case we do not specify what authenticators to use when we get values, but if we do not specify any it will prompt for class 2 when available, which will then fail to decode the keychain. This changes this so it defaults to BiometricManager.Authenticators.BIOMETRIC_STRONG or BiometricManager.Authenticators.DEVICE_CREDENTIAL. This part of the patch could probably be upstreamed.
| } | ||
| } | ||
|
|
||
| + override fun canOverrideExistingModule(): Boolean { |
There was a problem hiding this comment.
This part of the patch was not needed.
| storage: CipherStorage, | ||
| promptInfo: BiometricPrompt.PromptInfo | ||
| ): ResultHandler { | ||
| - return if (storage.isAuthSupported()) { |
There was a problem hiding this comment.
I think this might actually not be needed, leftover from previous changes I will try to remove.
| privateKey: decryptedPrivateKey, | ||
| }); | ||
| } | ||
| if ((theKeyIsASeedPhrase || theKeyIsAPrivateKey) && secret?.includes('cipher')) { |
There was a problem hiding this comment.
The issue was that this code assumed the seed or pkey were encrypted as a stringified JSON object like {"seedphrase": "<encrypted_data>"}, but it is actually just the encrypted data.
* PoC implementation of using system pin prompt * Cleanup * Better patch * Add comment * Restore IS_DEV check * Fix import * Test fix * Fix secrets decryption * Fix patch * Temp: update force to readonly * Add a comma --------- Co-authored-by: jinchung <jin.chung17@gmail.com>
Fixes APP-####
What changed (plus any additional context for devs)
Screen recordings / screenshots
What to test
Tests scenarios in the notion doc.