Comments (8)
When a new fingerprint is enrolled, with running initCipher, I expect to get KeyPermanentlyInvalidatedException but it returns true. what am I missing and how to fix this to get to know when a new fingerprint is added?
from security-samples.
Comment by fkie4ibm
Thursday Nov 22, 2018 at 01:47 GMT
I can get all finger id in integers.
private void getFingerprintInfo(Context context)
{
try {
FingerprintManager fingerprintManager = (FingerprintManager) context.getSystemService(Context.FINGERPRINT_SERVICE);
Method method = FingerprintManager.class.getDeclaredMethod("getEnrolledFingerprints");
Object obj = method.invoke(fingerprintManager);
if (obj != null) {
Class<?> clazz = Class.forName("android.hardware.fingerprint.Fingerprint");
Method getFingerId = clazz.getDeclaredMethod("getFingerId");
for (int i = 0; i < ((List) obj).size(); i++)
{
Object item = ((List) obj).get(i);
if(item != null)
{
System.out.println("fkie4. fingerId: " + getFingerId.invoke(item));
}
}
}
} catch (NoSuchMethodException | IllegalAccessException | InvocationTargetException | ClassNotFoundException e) {
e.printStackTrace();
}
}
please refer to this: https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/hardware/fingerprint/Fingerprint.java
there is a public method getFingerId( ), but it is not available for us to call because it has "@UnsupportedAppUsage".
so you need to use reflection to call the method. after you get a list of fingerprint id, you can encrypt them and store in sharedPreference.
Finger id is the id of the fingerprints stored in setting
After you get all finger ids, you can determine if user has added/deleted a fingerprint.
No need to count on the KeyPermanentlyInvalidatedException. It is not thrown in Android 8.0
Google didn't do such a good job....
from security-samples.
Comment by thagikura
Monday Sep 05, 2016 at 12:54 GMT
Hi,
Let me confirm, the expected behavior of enrolling a new fingerprint for the app is asking you the password with a checkbox saying use fingerprint in future.
So when you do like following:
- Enroll a fingerprint 1
- Open the app
- Purchase the item with the fingerprint, then succeed. (Keep the app open)
- Enroll another fingerprint 2
- Purchase the item in the app
- The app asks you the password
When I tried the app in my end, it worked correctly.
Could you confirm the behavior and let me know if it still doesn't work?
from security-samples.
Comment by jiazhao2048
Tuesday Sep 06, 2016 at 04:12 GMT
Thanks for reply.
You can reproduce the bug I found in this way
- Enroll a fingerprint 1
- Open the app
- Purchase the item with the fingerprint, then succeed.
- ** Kill the app ( it means you exit the app totally )
- Enroll another fingerprint 2
- Purchase the item in the app with fingerprint2, then succeed.
I read the source code and found the reason.
The creatKey( ) function is called in MainActivity->onCreate() method. Thus when the app relaunch the key is regenerated and the app can't detect the change of the fingerprint.
I creat a variate to keep the status the app's first launch and use it to decise call createKey() or not. It works as expected.
from security-samples.
Comment by jiazhao2048
Tuesday Sep 06, 2016 at 04:47 GMT
By the way I also found that the app won't require me to input the password when I delete an exsitent fingerprint.
- Enroll fingerprint1
- Enroll fingerprint2
- launch the app and I can purchase with fingerprint1/fingerprint2 as expect
- keep the app open and delete the fingerprint2
- purchase item with fingerprint1 successfully
- fail to purchase item with fingerprint2
I'm curious about how the app works. As I known the creatKey( ) is called at first time the app launch . How the key store in the app?
Do I ask a bad question?
Can you give me some useful information?
from security-samples.
Comment by coobing17
Thursday Apr 05, 2018 at 04:24 GMT
"I creat a variate to keep the status the app's first launch and use it to decise call createKey() or not. It works as expected."
can you tell me your variate code... @jiazhao2048
from security-samples.
Comment by IsracardTeam
Tuesday Apr 10, 2018 at 12:53 GMT
@bill-yudhistira @jiazhao2048 did you find a solution for this ?
from security-samples.
Comment by ddeath
Monday Dec 03, 2018 at 13:59 GMT
@thagikura I tried it with your flow and it did not ask for a password. I was using phone with android 7.
from security-samples.
Related Issues (20)
- Attachment.PLATFORM cause RESULT_CANCELED
- lerning
- Get Which Biometric is used for authentication on Onsucesscallback
- Meizu crashed when using AndroidKeyStore HOT 1
- I face the crash in xiaomi10
- Fido auth with Android SDK. Error from a server: invalid origin HOT 3
- low level error 0x6a80(28) HOT 1
- Not getting any callback while the IRIS scanner failed to authenticate a user.
- crash in samsung HOT 2
- androidx.biometric.BiometricPrompt.authenticate no longer works on android versions < 30 HOT 1
- Getting crash upon registering a new fingerprint on device HOT 1
- Biometrics Support for Multiple Users in the app(Token Based)
- Fido app: Missing or invalid authentication
- Is defining asset_statements necessary?
- BiometricLoginKotlin: crash at Emulator API33 HOT 2
- Fido2 PIN
- Min SDK Version
- fido2 404 Not Found
- When upgrading AGP from version 7.2.2 to 7.3.1, the implementation I had for detecting if there was a change in the biometric (e.g. adding a new fingerprint) does not work. HOT 1
- Android enable android:directBootAware="true" and android:defaultToDeviceProtectedStorage="true" HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from security-samples.