react-native-sensitive-info

setItem triggers Fingerprint on Android

Open artola opened this issue 4 years ago • 6 comments

The following code (from the docs) triggers the fingerprint auth on Android, while on iOS it does not trigger (correctly) the Face ID.

Using v6 @next

I did expect a validation to retrieve the data, but not to store it for the first time. Is that right? What is the expectation?

import SInfo from 'react-native-sensitive-info';

const savingFirstData = await SInfo.setItem('key1', 'value1', {
    sharedPreferencesName: 'mySharedPrefs',
    keychainService: 'myKeychain',
    touchID: true, //add this key
    showModal: true, //add this key
    kSecAccessControl: 'kSecAccessControlBiometryAny' // optional - Add support for FaceID
});

artola avatar Feb 10 '21 22:02 artola

@mCodex This issue was reported before: https://github.com/mCodex/react-native-sensitive-info/issues/226

Nevertheless, while on iOS everything runs smoothly, the Android user experience is not that good (like requiring the fingerprint 2 times because of 1 get and a successive set). Playing with the options (adding them in get or set) produces very different effects depending on the platform. For example, iOS ignores the options (see example above) during the set, while Android honors them.

To be honest, due to these limitations I am thinking about using other packages: 1 for encrypted storage (as using this one without options is valid too) plus 1 for biometric validation that also supports fallback to code, and performing the 2-step logic where required.

artola avatar Feb 14 '21 18:02 artola

@artola it would be great if we could save into the keystore without having to use the fingerprint. Then the problem of seeing the fingerprint modal two times would be solved.

Thanks for your work!

warrioru avatar Feb 18 '21 18:02 warrioru

@mCodex If the library is somehow upgraded for API level 30, supporting setUserAuthenticationParameters, it would allow us to pass the timeout and auth type required; a timeout of several seconds will allow set/get without invoking the auth again and again.

https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec.Builder#setUserAuthenticationParameters(int,%20int)

Just after setting the requirement for auth, add the extra options herein:

https://github.com/mCodex/react-native-sensitive-info/blob/1575f8992ff7113443199bce5a3fb1e11392878d/android/src/main/java/br/com/classapp/RNSensitiveInfo/RNSensitiveInfoModule.java#L367

artola avatar Feb 21 '21 12:02 artola
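
The time-bound key proposed in the comment above, as an added example (not code from react-native-sensitive-info or from any commenter). The class name, key alias and 10-second window are assumptions chosen for illustration; the Android Keystore calls are the platform's own.

```java
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import android.security.keystore.UserNotAuthenticatedException;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

/** Hypothetical helper, not part of react-native-sensitive-info. */
public final class TimeBoundKeyExample {
    private static final String ALIAS = "example_time_bound_key"; // assumed alias
    private static final int AUTH_WINDOW_SECONDS = 10;            // assumed timeout

    /** Creates an AES key that stays usable for a short window after one user authentication. */
    static SecretKey createKey() throws Exception {
        KeyGenParameterSpec.Builder b = new KeyGenParameterSpec.Builder(
                ALIAS, KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .setUserAuthenticationRequired(true);
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
            // API 30+: timeout plus the authenticator types allowed to unlock the key.
            b.setUserAuthenticationParameters(AUTH_WINDOW_SECONDS,
                    KeyProperties.AUTH_BIOMETRIC_STRONG | KeyProperties.AUTH_DEVICE_CREDENTIAL);
        } else {
            // Older API levels: same window, but the authenticator type cannot be chosen.
            b.setUserAuthenticationValidityDurationSeconds(AUTH_WINDOW_SECONDS);
        }
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
        kg.init(b.build());
        return kg.generateKey();
    }

    /** Returns {iv, ciphertext}, or null when the window has expired and the caller must prompt once. */
    static byte[][] encrypt(byte[] plaintext) throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        SecretKey key = ks.containsAlias(ALIAS) ? (SecretKey) ks.getKey(ALIAS, null) : createKey();
        try {
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.ENCRYPT_MODE, key); // throws if no authentication within the window
            return new byte[][] { c.getIV(), c.doFinal(plaintext) };
        } catch (UserNotAuthenticatedException e) {
            return null; // caller shows one prompt, then performs the get and the set inside the window
        }
    }
}
```

A key with a non-zero timeout is authorised by any successful authentication inside the window rather than by a prompt tied to each operation, so the window should be only as long as the get-then-set sequence needs.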

Thanks for pointing this out. I totally agree with you; thinking about UX, this is not good.

I'd like to fix this, because I'm very concerned about UX stuff.

Feel free to open a PR to address this issue in v6

mCodex avatar Feb 28 '21 13:02 mCodex

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Mar 30 '21 20:03 stale[bot]

Hi @mCodex and @artola, do you have plans to work on this?

fedeerbes avatar May 12 '21 18:05 fedeerbes