
[BUG] Biometric unlock only working for short time

Open PhilippC opened this issue 7 months ago • 23 comments

Checks

  • [x] I have read the FAQ section, searched the open issues, and still think this is a new bug.

Describe the bug you encountered:

Several users are reporting that biometric unlock only works for a few hours. After this, the app reports that it has been invalidated.

  • might be related to a 1.12 update
  • might be related to Samsung devices (new OS update there?)

Describe what you expected to happen:

No response

What version of Keepass2Android are you using?

1.12

Which version of Android are you on?

15

PhilippC avatar May 27 '25 06:05 PhilippC

> might be related to Samsung devices (new OS update there?)

Just adding that I am experiencing this exact issue recently on Pixel 6 Pro. Android 15 with Keepass2Android 1.12-r5. Doesn't seem to be specific to Samsung devices.

dsdude123 avatar May 28 '25 01:05 dsdude123

I've experienced this issue (still am) on the 1.12 update on a Pixel 8 Pro, both on the April and May security patches. I'll try and provide a log file next time it happens.

advid88 avatar May 28 '25 12:05 advid88

I am also experiencing this issue on Pixel 6a, Android 15 with Version 1.12-r5. I have been experiencing the issue since the design changed.

schlion avatar May 28 '25 16:05 schlion

Can confirm this too. I noticed it was happening more frequently (or maybe exclusively?) when the application was opened by Auto-Fill button from the (Gboard) Keyboard.

Happens since 1.12-r5 too, Android 15 (S24 Ultra)

ArthurGarnier avatar May 28 '25 22:05 ArthurGarnier

I also have this issue on a Pixel 6 Pro (1.12-r5 / Android 15 / May 2025 Update) and I have a LogCat for you. The trigger is R2Mail2 (at.rundquadrat.android.r2mail2) at login and the problems start at 14:26:16.027 in the LogCat. The ZIP file also contains a screenshot of the message shown after clicking the biometric button with the error icon (red circle with exclamation mark instead of fingerprint icon).

LogCat.zip

MichaDo avatar May 31 '25 14:05 MichaDo

Pixel 6, Android 15. I also experienced this problem. KP2A synced database from OneDrive, password + keyfile. What I noticed is that sometimes the key type is set to only password. Then the fingerprint won't work and is lost. Reselecting password+keyfile works, but I need to use the password as the fingerprint has been invalidated. If I notice it in time and set the key type to password+keyfile before unlocking with my fingerprint, the fingerprint remains working.

dionben avatar Jun 01 '25 07:06 dionben

Probably related issue https://github.com/PhilippC/keepass2android/issues/2869

schlion avatar Jun 01 '25 09:06 schlion

Please check the discussion in #2869 for updates on this.

PhilippC avatar Jun 04 '25 15:06 PhilippC

Would be nice to get some feedback regarding https://github.com/PhilippC/keepass2android/issues/2869#issuecomment-2936070867

PhilippC avatar Jun 04 '25 15:06 PhilippC

For my issue, #2869 seems to be the problem.

dionben avatar Jun 04 '25 15:06 dionben

I have the same issue.

ardacuhadaroglu avatar Jun 10 '25 04:06 ardacuhadaroglu

I am still on Android 14 (Samsung Galaxy 22), experiencing the same issue. Started at some point in the last weeks.

Tupsi avatar Jun 10 '25 14:06 Tupsi

> would be nice to get some feedback regarding #2869 (comment)

I installed this, so I'll post feedback soon!

hertell avatar Jun 12 '25 10:06 hertell

> would be nice to get some feedback regarding #2869 (comment)

I tried the new build that reverted back to the old library and I still experience this issue. Log follows:

6/5/2025 8:29:00 AM:278 -- FileSelect.OnStart
6/5/2025 8:29:00 AM:289 -- PasswordActivity.OnCreate 2
6/5/2025 8:29:00 AM:290 -- PasswordActivity:apptask= 2
6/5/2025 8:29:00 AM:340 -- GetIocFromLaunchIntent()
6/5/2025 8:29:00 AM:340 -- no keyprovider specified
6/5/2025 8:29:00 AM:341 -- Reset keyfile
6/5/2025 8:29:00 AM:390 -- PasswordActivity.OnStart 2
6/5/2025 8:29:00 AM:394 -- FP: Create BiometricDecryption
6/5/2025 8:29:00 AM:397 -- FP: Init for Dec
6/5/2025 8:29:00 AM:401 -- alias: keepass2android.kp2a_ioc_1A5ACED48D03646BB2221F56437897FA3988C15E4E789F1BD10D3C76374406A0
6/5/2025 8:29:00 AM:401 -- alias: keepass2android.kp2a_ioc_1B44E505E67F8233D6E103B7AACAAD9816F7DD3EF632703726C174756888238D
6/5/2025 8:29:00 AM:402 -- alias: keepass2android.kp2a_ioc_8E1E69AA2F889BD2B7BBFE725C5CF15F8EC79F123257357DE2A8176E9EBAD56D
6/5/2025 8:29:00 AM:402 -- KS: end aliases
6/5/2025 8:29:00 AM:412 -- Fingerprint: StartListening 
6/5/2025 8:29:00 AM:418 -- PasswordActivity.OnNewIntent 2
6/5/2025 8:29:00 AM:419 -- GetIocFromLaunchIntent()
6/5/2025 8:29:00 AM:419 -- no keyprovider specified
6/5/2025 8:29:00 AM:419 -- Reset keyfile
6/5/2025 8:29:00 AM:426 -- PasswordActivity.OnStart 2
6/5/2025 8:29:00 AM:426 -- FP: Create BiometricDecryption
6/5/2025 8:29:00 AM:426 -- FP: Init for Dec
6/5/2025 8:29:00 AM:427 -- alias: keepass2android.kp2a_ioc_1A5ACED48D03646BB2221F56437897FA3988C15E4E789F1BD10D3C76374406A0
6/5/2025 8:29:00 AM:427 -- alias: keepass2android.kp2a_ioc_1B44E505E67F8233D6E103B7AACAAD9816F7DD3EF632703726C174756888238D
6/5/2025 8:29:00 AM:428 -- alias: keepass2android.kp2a_ioc_8E1E69AA2F889BD2B7BBFE725C5CF15F8EC79F123257357DE2A8176E9EBAD56D
6/5/2025 8:29:00 AM:428 -- KS: end aliases
6/5/2025 8:29:00 AM:431 -- Fingerprint: StartListening 
6/5/2025 8:29:00 AM:433 -- PasswordActivity.OnResume 2
6/5/2025 8:29:00 AM:433 --  DB null 2
6/5/2025 8:29:00 AM:434 -- starting: True, Finishing: False, _performingLoad: False
6/5/2025 8:29:00 AM:444 -- content://Database.kdbx isCached = True
6/5/2025 8:29:00 AM:449 -- Pre-loading database file starting
6/5/2025 8:29:00 AM:475 -- content://Database.kdbx isCached = True
6/5/2025 8:29:00 AM:501 -- content://Database.kdbx localVersionHash = 8269D0F18BFCEB5727F8622790DD7B6A8BBD7F712DC1BDB68DAA09180DB76964
6/5/2025 8:29:00 AM:510 -- content://Database.kdbx baseVersionHash = 8269D0F18BFCEB5727F8622790DD7B6A8BBD7F712DC1BDB68DAA09180DB76964
6/5/2025 8:29:00 AM:510 -- CFS: OpenWhenNoLocalChanges
6/5/2025 8:29:00 AM:511 -- CFS: hashing cached version
6/5/2025 8:29:00 AM:527 -- PasswordModeSpinner item selected: 0
6/5/2025 8:29:00 AM:527 -- PasswordModeSpinner item selected: 0
6/5/2025 8:29:00 AM:544 -- Ignoring onFillRequest as there is another request going on.
6/5/2025 8:29:00 AM:627 -- CFS: Files in Sync
6/5/2025 8:29:00 AM:639 -- Pre-loading database file completed
6/5/2025 8:29:01 AM:48 -- SelectCurrentDbActivity.OnStop 1
6/5/2025 8:29:01 AM:50 -- FileSelect.OnStop
6/5/2025 8:29:01 AM:78 -- FileSelect.OnDestroyTrue
6/5/2025 8:29:01 AM:79 -- FileSelect.OnStop
6/5/2025 8:29:01 AM:99 -- FileSelect.OnDestroyTrue
6/5/2025 8:29:01 AM:815 -- FP: Decrypting 
6/5/2025 8:29:01 AM:820 -- GeneralSecurityException in DecryptStored
6/5/2025 8:29:01 AM:827 -- Java.Security.GeneralSecurityException: Exception_WasThrown, Java.Security.GeneralSecurityException
 ---> Java.Lang.Exception: Key user not authenticated (internal Keystore code: -26 message: system/security/keystore2/src/operation.rs:835: KeystoreOperation::update

Caused by:
    0: system/security/keystore2/src/operation.rs:385: Trying to get auth tokens.
    1: In AuthInfo::get_auth_tokens.
    2: system/security/keystore2/src/enforcements.rs:90: No operation auth token received.
    3: Error::Km(r#KEY_USER_NOT_AUTHENTICATED))

  --- End of managed Java.Lang.Exception stack trace ---
android.security.KeyStoreException: Key user not authenticated (internal Keystore code: -26 message: system/security/keystore2/src/operation.rs:835: KeystoreOperation::update

Caused by:
    0: system/security/keystore2/src/operation.rs:385: Trying to get auth tokens.
    1: In AuthInfo::get_auth_tokens.
    2: system/security/keystore2/src/enforcements.rs:90: No operation auth token received.
    3: Error::Km(r#KEY_USER_NOT_AUTHENTICATED)) (public error code: 2 internal Keystore code: -26)
	at android.security.KeyStore2.getKeyStoreException(KeyStore2.java:428)
	at android.security.KeyStoreOperation.handleExceptions(KeyStoreOperation.java:79)
	at android.security.KeyStoreOperation.update(KeyStoreOperation.java:118)
	at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer$MainDataStream.update(KeyStoreCryptoOperationChunkedStreamer.java:222)
	at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer.update(KeyStoreCryptoOperationChunkedStreamer.java:156)
	at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer.doFinal(KeyStoreCryptoOperationChunkedStreamer.java:179)
	at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:624)
	at javax.crypto.Cipher.doFinal(Cipher.java:2074)
	at mono.java.lang.RunnableImplementor.n_run(Native Method)
	at mono.java.lang.RunnableImplementor.run(RunnableImplementor.java:31)
	at android.os.Handler.handleCallback(Handler.java:991)
	at android.os.Handler.dispatchMessage(Handler.java:102)
	at android.os.Looper.loopOnce(Looper.java:232)
	at android.os.Looper.loop(Looper.java:317)
	at android.app.ActivityThread.main(ActivityThread.java:8934)
	at java.lang.reflect.Method.invoke(Native Method)
	at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:591)
	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:911)

  --- End of managed Java.Lang.Exception stack trace ---
android.security.KeyStoreException: Key user not authenticated (internal Keystore code: -26 message: system/security/keystore2/src/operation.rs:835: KeystoreOperation::update

Caused by:
    0: system/security/keystore2/src/operation.rs:385: Trying to get auth tokens.
    1: In AuthInfo::get_auth_tokens.
    2: system/security/keystore2/src/enforcements.rs:90: No operation auth token received.
    3: Error::Km(r#KEY_USER_NOT_AUTHENTICATED)) (public error code: 2 internal Keystore code: -26)
	at android.security.KeyStore2.getKeyStoreException(KeyStore2.java:428)
	at android.security.KeyStoreOperation.handleExceptions(KeyStoreOperation.java:79)
	at android.security.KeyStoreOperation.update(KeyStoreOperation.java:118)
	at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer$MainDataStream.update(KeyStoreCryptoOperationChunkedStreamer.java:222)
	at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer.update(KeyStoreCryptoOperationChunkedStreamer.java:156)
	at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer.doFinal(KeyStoreCryptoOperationChunkedStreamer.java:179)
	at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:624)
	at javax.crypto.Cipher.doFinal(Cipher.java:2074)
	at mono.java.lang.RunnableImplementor.n_run(Native Method)
	at mono.java.lang.RunnableImplementor.run(RunnableImplementor.java:31)
	at android.os.Handler.handleCallback(Handler.java:991)
	at android.os.Handler.dispatchMessage(Handler.java:102)
	at android.os.Looper.loopOnce(Looper.java:232)
	at android.os.Looper.loop(Looper.java:317)
	at android.app.ActivityThread.main(ActivityThread.java:8934)
	at java.lang.reflect.Method.invoke(Native Method)
	at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:591)
	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:911)

   Exception_EndOfInnerExceptionStack
   at Java.Interop.JniEnvironment.InstanceMethods.CallNonvirtualObjectMethod(JniObjectReference , JniObjectReference , JniMethodInfo , JniArgumentValue* )
   at Java.Interop.JniPeerMembers.JniInstanceMethods.InvokeNonvirtualObjectMethod(String , IJavaPeerable , JniArgumentValue* )
   at Javax.Crypto.Cipher.DoFinal(Byte[] )
   at keepass2android.BiometricDecryption.Decrypt(String encryted)
   at keepass2android.BiometricDecryption.DecryptStored(String prefKey)
   at keepass2android.PasswordActivity.OnBiometricAuthSucceeded()
  --- End of managed Java.Security.GeneralSecurityException stack trace ---
javax.crypto.IllegalBlockSizeException
	at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:634)
	at javax.crypto.Cipher.doFinal(Cipher.java:2074)
	at mono.java.lang.RunnableImplementor.n_run(Native Method)
	at mono.java.lang.RunnableImplementor.run(RunnableImplementor.java:31)
	at android.os.Handler.handleCallback(Handler.java:991)
	at android.os.Handler.dispatchMessage(Handler.java:102)
	at android.os.Looper.loopOnce(Looper.java:232)
	at android.os.Looper.loop(Looper.java:317)
	at android.app.ActivityThread.main(ActivityThread.java:8934)
	at java.lang.reflect.Method.invoke(Native Method)
	at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:591)
	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:911)
Caused by: android.security.KeyStoreException: Key user not authenticated (internal Keystore code: -26 message: system/security/keystore2/src/operation.rs:835: KeystoreOperation::update

Caused by:
    0: system/security/keystore2/src/operation.rs:385: Trying to get auth tokens.
    1: In AuthInfo::get_auth_tokens.
    2: system/security/keystore2/src/enforcements.rs:90: No operation auth token received.
    3: Error::Km(r#KEY_USER_NOT_AUTHENTICATED)) (public error code: 2 internal Keystore code: -26)
	at android.security.KeyStore2.getKeyStoreException(KeyStore2.java:428)
	at android.security.KeyStoreOperation.handleExceptions(KeyStoreOperation.java:79)
	at android.security.KeyStoreOperation.update(KeyStoreOperation.java:118)
	at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer$MainDataStream.update(KeyStoreCryptoOperationChunkedStreamer.java:222)
	at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer.update(KeyStoreCryptoOperationChunkedStreamer.java:156)
	at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer.doFinal(KeyStoreCryptoOperationChunkedStreamer.java:179)
	at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:624)
	... 11 more

  --- End of managed Java.Security.GeneralSecurityException stack trace ---
javax.crypto.IllegalBlockSizeException
	at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:634)
	at javax.crypto.Cipher.doFinal(Cipher.java:2074)
	at mono.java.lang.RunnableImplementor.n_run(Native Method)
	at mono.java.lang.RunnableImplementor.run(RunnableImplementor.java:31)
	at android.os.Handler.handleCallback(Handler.java:991)
	at android.os.Handler.dispatchMessage(Handler.java:102)
	at android.os.Looper.loopOnce(Looper.java:232)
	at android.os.Looper.loop(Looper.java:317)
	at android.app.ActivityThread.main(ActivityThread.java:8934)
	at java.lang.reflect.Method.invoke(Native Method)
	at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:591)
	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:911)
Caused by: android.security.KeyStoreException: Key user not authenticated (internal Keystore code: -26 message: system/security/keystore2/src/operation.rs:835: KeystoreOperation::update

Caused by:
    0: system/security/keystore2/src/operation.rs:385: Trying to get auth tokens.
    1: In AuthInfo::get_auth_tokens.
    2: system/security/keystore2/src/enforcements.rs:90: No operation auth token received.
    3: Error::Km(r#KEY_USER_NOT_AUTHENTICATED)) (public error code: 2 internal Keystore code: -26)
	at android.security.KeyStore2.getKeyStoreException(KeyStore2.java:428)
	at android.security.KeyStoreOperation.handleExceptions(KeyStoreOperation.java:79)
	at android.security.KeyStoreOperation.update(KeyStoreOperation.java:118)
	at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer$MainDataStream.update(KeyStoreCryptoOperationChunkedStreamer.java:222)
	at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer.update(KeyStoreCryptoOperationChunkedStreamer.java:156)
	at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer.doFinal(KeyStoreCryptoOperationChunkedStreamer.java:179)
	at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:624)
	... 11 more

advid88 avatar Jun 12 '25 17:06 advid88
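
The debug log in the comment above can be triaged mechanically. This added example (not part of the thread and not keepass2android code) reports, for each decrypt attempt, how many times the biometric cipher was initialised beforehand, whether `OnNewIntent` fired in between, and which Keystore error came back; the sample is a shortened excerpt of that log, and `triage` and its field names are this example's own.

```python
import re
from datetime import datetime, timedelta

# Shortened excerpt of the log posted above (alias, cache and Java frames omitted).
SAMPLE_LOG = """\
6/5/2025 8:29:00 AM:390 -- PasswordActivity.OnStart 2
6/5/2025 8:29:00 AM:394 -- FP: Create BiometricDecryption
6/5/2025 8:29:00 AM:397 -- FP: Init for Dec
6/5/2025 8:29:00 AM:412 -- Fingerprint: StartListening
6/5/2025 8:29:00 AM:418 -- PasswordActivity.OnNewIntent 2
6/5/2025 8:29:00 AM:426 -- PasswordActivity.OnStart 2
6/5/2025 8:29:00 AM:426 -- FP: Create BiometricDecryption
6/5/2025 8:29:00 AM:426 -- FP: Init for Dec
6/5/2025 8:29:00 AM:431 -- Fingerprint: StartListening
6/5/2025 8:29:01 AM:815 -- FP: Decrypting
6/5/2025 8:29:01 AM:820 -- GeneralSecurityException in DecryptStored
 ---> Java.Lang.Exception: Key user not authenticated (internal Keystore code: -26 message: system/security/keystore2/src/operation.rs:835: KeystoreOperation::update
    2: system/security/keystore2/src/enforcements.rs:90: No operation auth token received.
    3: Error::Km(r#KEY_USER_NOT_AUTHENTICATED))
"""

LINE_RE = re.compile(r"^(\d+/\d+/\d+ \d+:\d+:\d+ [AP]M):(\d+) -- (.*)$")
CODE_RE = re.compile(r"internal Keystore code: (-?\d+)")
KM_RE = re.compile(r"Error::Km\(r#(\w+)\)")

def triage(text):
    """Return one record per 'FP: Decrypting' attempt found in a KP2A debug log."""
    attempts, current = [], None
    inits, new_intent, last_init = 0, False, None
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            # Stack-trace continuation: keep the first Keystore code / Km error seen.
            if current is not None and current["failed"]:
                for key, rx, conv in (("keystore_code", CODE_RE, int), ("km_error", KM_RE, str)):
                    hit = rx.search(line)
                    if hit and current[key] is None:
                        current[key] = conv(hit.group(1))
            continue
        # Assumption: the part after the last ':' is milliseconds; only deltas are used.
        when = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
        when = when.replace(microsecond=int(m.group(2)) * 1000)
        msg = m.group(3).strip()
        if msg == "FP: Init for Dec":
            inits, last_init = inits + 1, when
        elif msg.startswith("PasswordActivity.OnNewIntent"):
            new_intent = True
        elif msg == "FP: Decrypting":
            current = {
                "inits_before": inits,
                "new_intent_before": new_intent,
                "ms_since_last_init": (when - last_init) // timedelta(milliseconds=1)
                if last_init else None,
                "failed": False, "keystore_code": None, "km_error": None,
            }
            attempts.append(current)
            inits, new_intent, last_init = 0, False, None
        elif msg == "GeneralSecurityException in DecryptStored" and current is not None:
            current["failed"] = True
    return attempts

if __name__ == "__main__":
    for attempt in triage(SAMPLE_LOG):
        print(attempt)
```
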

> > would be nice to get some feedback regarding #2869 (comment)
>
> I installed this, so I'll post feedback soon!

Unfortunately this version did not fix the problem.

hertell avatar Jun 15 '25 17:06 hertell

Thanks for your feedback! It's still a mystery to me... Is there anybody here experiencing the fingerprint issue who DOES NOT have a key file?

PhilippC avatar Jun 17 '25 06:06 PhilippC

@PhilippC I forgot to mention that I do not use a key file.

I am going to uninstall the current version and reinstall the previous version that was on Playstore (was it v1.12-r3?), but I need to first figure out the password of one attached KeeShare keyfile in case I need to enter both keyfiles' password.

hertell avatar Jun 17 '25 07:06 hertell

@hertell Thanks for the info. I guess that "losing the keyfile" is rather a side effect of the biometric issue then. My current hypothesis is that with the 1.12 update, I changed the "target sdk version" of the app which makes Android behave differently than before. You probably need to revert to 1.11 (https://github.com/PhilippC/keepass2android/releases/tag/v1.11-r0) to see the previous behavior.

PhilippC avatar Jun 17 '25 07:06 PhilippC

@PhilippC I switched back to 1.11-r0, and for now all seems to be back as before (except the work trying to remember my settings :-) Btw. Would be nice to have an option to save/export your app settings, and store them inside the keepass database. Would make it much easier to restore if you need to eg switch your phone/reinstall etc :-)

hertell avatar Jun 17 '25 08:06 hertell

> Thanks for your feedback! It's still a mystery to me... Is there anybody here experiencing the fingerprint issue who DOES NOT have a key file?

Yes. I'm having the same problem since a few weeks but only use a password, no keyfile. Problem seems to occur only when trying to use auto complete from GBoard but not when starting Keepass manually.

TeQuiLLaXY avatar Jun 17 '25 09:06 TeQuiLLaXY

> Thanks for your feedback! It's still a mystery to me... Is there anybody here experiencing the fingerprint issue who DOES NOT have a key file?

no keyfile here, just a plain password in use.

Tupsi avatar Jun 17 '25 11:06 Tupsi

> @hertell Thanks for the info. I guess that "losing the keyfile" is rather a side effect of the biometric issue then. My current hypothesis is that with the 1.12 update, I changed the "target sdk version" of the app which makes Android behave differently than before. You probably need to revert to 1.11 (https://github.com/PhilippC/keepass2android/releases/tag/v1.11-r0) to see the previous behavior.

aye, know that pain. switched sdk on my app a few weeks ago as well after coming back to it from 2022. It has a lot of surprises in store for me :-)

Sadly I can't sideload the old version, I rely on what's on the Play Store for installation. So if you can keep trying to nail that one down, that would be awesome.

Tupsi avatar Jun 17 '25 11:06 Tupsi

Please verify that this is fixed in https://github.com/PhilippC/keepass2android/releases/tag/v1.12-r6b

PhilippC avatar Jun 18 '25 01:06 PhilippC

Had this bug as well. Lost the biometric login (however, I didn't do deep research). After installing v1.12-r6b this problem seems to be gone.

IngoGIT avatar Jun 23 '25 07:06 IngoGIT

I had the same bug and can confirm that it's gone with version 1.12-r6b. Thank you for the great work!

spiegelm avatar Jun 27 '25 19:06 spiegelm

Sorry to hijack this closed issue. @PhilippC you have any plans to publish the 1.12-r6b or a version that fixes this bug to the play store?

hertell avatar Jul 13 '25 19:07 hertell

That has already happened. I am using the app from the play store and the bug is gone for a while now.

Tupsi avatar Jul 14 '25 05:07 Tupsi

The Play Store app tells me that the latest version is dated 15.4.2025, and the version is 1.12-r5, but now that I check in a browser https://play.google.com/store/apps/details?id=keepass2android.keepass2android&hl=en the version is the same, and the date is 30.6.2025. Strange.

hertell avatar Jul 15 '25 21:07 hertell

> Sorry to hijack this closed issue. @PhilippC you have any plans to publish the 1.12-r6b or a version that fixes this bug to the play store?

Also my apologies for going somewhat off topic, but for me the app hasn't been updated either. It's stuck on the 1.12-r5 from April 15, 2025, for two devices. I still encounter the bug as well. Is Google Play doing a phased rollout?

rjmoerland avatar Aug 02 '25 06:08 rjmoerland

Please switch to https://play.google.com/console/u/0/developers/7907722212310110298/app/4972830962724935697/tracks/open-testing to get updates faster.

PhilippC avatar Aug 19 '25 09:08 PhilippC