react-native-keychain

Biometric prompt not re-appearing because of the 5-second validity period on Android 14 Pixel

Open • Bowlerr opened this issue 9 months ago • 1 comment

Description:
On Android 14 (tested on a Pixel device), I've observed that if a user sets a generic password with biometrics and then logs out, logging back in with biometrics within the 5-second window does not trigger a new biometric prompt.


Steps to Reproduce:

  1. On a Pixel device running Android 14, call setGenericPassword with biometric authentication enabled.
  2. Within 5 seconds, use getGenericPassword with biometric authentication.
  3. Notice that the biometric prompt is not shown again.

Expected Behaviour:
The biometric prompt should be required upon every login attempt, regardless of the 5-second timeframe, to ensure secure authentication.


Observed Behaviour:
If the re-login occurs within 5 seconds, the system skips the biometric re-check, potentially compromising security.


Question:
Is there a specific reason for setting the validityDuration to 5 seconds? Would it be possible to modify this behaviour to always require a biometric prompt upon login?

1 second seemed to work in my small test.

Bowlerr, Mar 04 '25 13:03
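The behaviour reported above matches how an Android Keystore key with a user-authentication validity window works. The sketch below is an added example, not code from react-native-keychain or from the issue author; it shows the time-bound setting beside the per-use setting. The function names and the alias parameter are hypothetical, and it assumes the stored secret is protected by an AES-GCM key in the Android Keystore.

```kotlin
import android.os.Build
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import android.security.keystore.UserNotAuthenticatedException
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

// Hypothetical helper, not react-native-keychain code.
// validitySeconds > 0: after one successful authentication the key stays usable for
//   that many seconds, so a second read inside the window needs no new prompt.
// validitySeconds == 0: every use of the key must be authorized individually, through
//   BiometricPrompt.authenticate() with a CryptoObject wrapping the Cipher.
fun createAuthBoundKey(alias: String, validitySeconds: Int): SecretKey {
    val builder = KeyGenParameterSpec.Builder(
        alias, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    )
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setKeySize(256)
        .setUserAuthenticationRequired(true)
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
        // API 30+: a timeout of 0 means "authenticate for every use".
        builder.setUserAuthenticationParameters(
            validitySeconds, KeyProperties.AUTH_BIOMETRIC_STRONG
        )
    } else {
        // Older API levels request the same per-use behaviour with -1.
        @Suppress("DEPRECATION")
        builder.setUserAuthenticationValidityDurationSeconds(
            if (validitySeconds == 0) -1 else validitySeconds
        )
    }
    return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore")
        .apply { init(builder.build()) }
        .generateKey()
}

// For a time-bound key: returns true when the last successful authentication is older
// than the validity window, i.e. a prompt is needed before the key can be used.
fun timeBoundKeyNeedsPrompt(key: SecretKey, iv: ByteArray): Boolean = try {
    Cipher.getInstance("AES/GCM/NoPadding")
        .init(Cipher.DECRYPT_MODE, key, GCMParameterSpec(128, iv))
    false
} catch (e: UserNotAuthenticatedException) {
    true
}
```

With a per-use key, `Cipher.init()` does not throw; the operation only completes after the cipher has been passed through a biometric prompt, so the check function applies to the time-bound case only.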