Wallet-app login dialog wrongly claims to be biometric even when it is not. #196

Open
Hendrik-Schmidt-Schierhorn-TSI opened this issue May 20, 2022 · 0 comments
Labels
bug Something isn't working

@Hendrik-Schmidt-Schierhorn-TSI

Description

The wallet-app is protected by a login dialog. Depending on the device features, the dialog is protected by biometrics or another device unlock method. However, it always wrongly claims to be a biometric login, even on phones not supporting biometrics.

In class AuthFragment:

```kotlin
val prompt = BiometricPrompt.PromptInfo.Builder()
    .setTitle(getString(R.string.biometric_dialog_title))
    .setSubtitle(getString(R.string.biometric_dialog_subtitle))
```

Possible Fix

Always uses these hardcoded values:
• Biometric login
• Log in using your biometric credential

This security feature wrongly advertises itself and gives a false sense of security.

Impact

Wallet-app login suggests biometric-level security on non-biometric devices.
Recommendation:
• Change login screen text and design accordingly on non-biometric devices.
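
One way to implement the recommendation above, as an added example that is not part of the original issue or the project's code: query `BiometricManager` before building the prompt and pick the wording from the result. `PromptTexts`, `biometricUsable`, `buildPromptInfo` and the choice of `BIOMETRIC_WEAK or DEVICE_CREDENTIAL` as allowed authenticators are assumptions; the calls are from the `androidx.biometric` library.

```kotlin
import android.content.Context
import androidx.biometric.BiometricManager
import androidx.biometric.BiometricManager.Authenticators.BIOMETRIC_WEAK
import androidx.biometric.BiometricManager.Authenticators.DEVICE_CREDENTIAL
import androidx.biometric.BiometricPrompt

// Hypothetical holder for the dialog wording. In the app these values would
// come from string resources: the existing biometric_dialog_* strings plus a
// second, neutral pair for devices without a usable biometric.
data class PromptTexts(val title: String, val subtitle: String)

// True only when biometric hardware is present AND at least one biometric is
// enrolled. Missing hardware, unavailable hardware and "none enrolled" all
// return a code other than BIOMETRIC_SUCCESS.
fun biometricUsable(context: Context): Boolean =
    BiometricManager.from(context).canAuthenticate(BIOMETRIC_WEAK) ==
        BiometricManager.BIOMETRIC_SUCCESS

// Hypothetical helper: build the prompt with wording that matches what the
// device can actually offer.
fun buildPromptInfo(
    context: Context,
    biometricTexts: PromptTexts,   // e.g. "Biometric login"
    credentialTexts: PromptTexts   // e.g. a "Unlock with PIN, pattern or password" wording
): BiometricPrompt.PromptInfo {
    val texts = if (biometricUsable(context)) biometricTexts else credentialTexts
    return BiometricPrompt.PromptInfo.Builder()
        .setTitle(texts.title)
        .setSubtitle(texts.subtitle)
        // Assumption: the app accepts a biometric or the device credential.
        // With DEVICE_CREDENTIAL allowed, no negative button text may be set.
        .setAllowedAuthenticators(BIOMETRIC_WEAK or DEVICE_CREDENTIAL)
        .build()
}
```

Because the device credential stays allowed as a fallback, a user on a biometric-capable phone can still unlock with a PIN; `BiometricPrompt.AuthenticationResult.getAuthenticationType()` reports which method was actually used if the app needs to distinguish the two.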
