-
Notifications
You must be signed in to change notification settings - Fork 832
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PM-15356: Resolve biometrics bypass #4448
base: main
Are you sure you want to change the base?
Conversation
New Issues
Fixed Issues
|
6dfc5c9
to
3d65749
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This approach looks sound and equivalent to our Windows Hello approach. I don't really know the codebase so I'll leave it to others to approve
@@ -127,23 +131,23 @@ class SetupUnlockViewModel @Inject constructor( | |||
} | |||
} | |||
|
|||
private fun handleUnlockWithBiometricToggle( | |||
action: SetupUnlockAction.UnlockWithBiometricToggle, | |||
private fun handleUnlockWithBiometricToggleDisabled() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cb6b7e5
to
e27dee2
Compare
// Ignore result so biometrics function on devices that are in a state where key generation | ||
// is not functioning | ||
createCipherOrNull(userId) | ||
private fun destroyBiometrics(userId: String) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 like how you condensed this all here!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
e27dee2
to
666d88a
Compare
666d88a
to
d5d1078
Compare
🎟️ Tracking
PM-15356
📔 Objective
This PR adds an extra layer of security to the biometrics prompt by signing the user key before storing it, meaning that only a real cipher from the Biometric Prompt can decrypt the data and unlock the vault.
⏰ Reminders before review
🦮 Reviewer guidelines
:+1:
) or similar for great changes:memo:
) or ℹ️ (:information_source:
) for notes or general info:question:
) for questions:thinking:
) or 💭 (:thought_balloon:
) for more open inquiry that's not quite a confirmedissue and could potentially benefit from discussion
:art:
) for suggestions / improvements:x:
) or:warning:
) for more significant problems or concerns needing attention:seedling:
) or ♻️ (:recycle:
) for future improvements or indications of technical debt:pick:
) for minor or nitpick changes