
Android - After too many attempts, auto close is seen as too many attempts too

Open denzerd opened this issue 4 years ago • 1 comments

Hi,

We are integrating fingerprint/faceID within our app in order to have a faster login experience for our users. However, for security reasons, if the biometric authentication fails for too many attempts (5 in Android) we wipe the user's credentials from the device and the user has to log in again "manually" with username and password.

In Android for too many false attempts the system returns ERROR_LOCKOUT which is treated as too many attempts by the library (which is fine). According to the Android documentation https://developer.android.com/reference/androidx/biometric/BiometricPrompt.html#ERROR_LOCKOUT this also comes with a 30 second timeout which locks the biometric authentication. This timer seems to be manufacturer dependent for me as on my Samsung device it takes much longer, but that's just for the notes.

Now to my problem :) If the user fails 5 times and logs in with his credentials and then logs out within this 30 second time frame, it will bring him back to the login screen which wants to ask him for his biometric auth. However, in that moment the auth fails automatically (as it is in the 30 second lock), which is then seen by the Plugin as too many attempts again, which will then wipe the user credentials even though he didn't cause the false attempt.

Steps to reproduce

  1. Cause a lockout (putting a wrong finger 5 times on the fingerprint scanner)

  2. Call the prompt again within the lockout time frame.

Expected behavior

I would expect some status like Timeout in order to indicate that the user is currently timed out and biometric prompt can't be used. Alternatively a method that returns a bool to check if we are currently timed out or not.

Actual behavior

See description above; if we are timed out, the status is returned as tooManyAttempts.

Crashlog

/

Configuration

Version of the Plugin: 1.4.9

Platform: I only tested on Android 9

Device: Samsung Galaxy S8

denzerd avatar Dec 06 '19 08:12 denzerd
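An app-side guard for the situation reported above, added here as an example and not taken from the plugin or from the reporter's app: it wipes credentials on the first lockout and treats a repeated too-many-attempts result inside the lockout window as an echo of the same lockout. The types `BiometricOutcome`, `LoginAction` and `LockoutAwareWipePolicy` are hypothetical, and the 30 second window is an assumption taken from the Android documentation linked in the issue.

```csharp
using System;

// Hypothetical app-side types; map the plugin's result status onto BiometricOutcome.
public enum BiometricOutcome { Succeeded, Failed, Canceled, TooManyAttempts }
public enum LoginAction { Proceed, NoWipe, WipeCredentials, PasswordOnlyKeepCredentials }

public sealed class LockoutAwareWipePolicy
{
    private readonly TimeSpan _window;            // assumed lockout duration for this device
    private readonly Func<DateTimeOffset> _clock; // injectable so the policy can be tested
    private DateTimeOffset? _lockoutSeenAt;       // a real app would persist this value

    public LockoutAwareWipePolicy(TimeSpan window, Func<DateTimeOffset> clock)
    {
        _window = window;
        _clock = clock;
    }

    public LoginAction Decide(BiometricOutcome outcome)
    {
        if (outcome == BiometricOutcome.Succeeded)
        {
            _lockoutSeenAt = null;
            return LoginAction.Proceed;
        }
        if (outcome != BiometricOutcome.TooManyAttempts)
            return LoginAction.NoWipe;

        var now = _clock();
        // Repeat of a lockout already acted on: the prompt was rejected by the
        // running timer, not by new failed attempts, so keep the credentials.
        if (_lockoutSeenAt.HasValue && now - _lockoutSeenAt.Value < _window)
            return LoginAction.PasswordOnlyKeepCredentials;

        _lockoutSeenAt = now; // fixed window from the first lockout, never extended
        return LoginAction.WipeCredentials;
    }
}

public static class Demo
{
    public static void Main()
    {
        var t = new DateTimeOffset(2019, 12, 6, 8, 0, 0, TimeSpan.Zero); // constructed clock
        var policy = new LockoutAwareWipePolicy(TimeSpan.FromSeconds(30), () => t);
        Console.WriteLine(policy.Decide(BiometricOutcome.TooManyAttempts)); // fifth failure
        t = t.AddSeconds(10);                                               // logout, re-prompt
        Console.WriteLine(policy.Decide(BiometricOutcome.TooManyAttempts));
        t = t.AddSeconds(40);                                               // timer expired
        Console.WriteLine(policy.Decide(BiometricOutcome.TooManyAttempts));
    }
}
```

A window longer than the device's real lockout means a genuine second lockout inside it does not wipe, so the value trades false wipes against delayed wipes and has to be chosen per device family.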

Hi @denzerd,

I'm the friendly issue checker. Thanks for using the issue template :star2: I appreciate it very much. I'm sure the maintainers of this repository will answer soon.

smsissuechecker avatar Dec 06 '19 08:12 smsissuechecker