
authenticate-me's Introduction

Authenticate me. If you can...

This repository contains the source code for my article (habr, medium) about PIN & Biometrics authentication methods in Android apps.

Structure

For convenience, the repository is divided into several branches that follow the article's structure.

Each branch contains the final solution for the corresponding step.

Architecture

This project is not about the right architecture™, but rather about the authentication and security principles behind this process. Feel free to adapt these approaches to your needs.

authenticate-me's People

Contributors

fi5t, martofeld


Forkers

martofeld, dimsuz

authenticate-me's Issues

javax.crypto.IllegalBlockSizeException when logging in

Found this repository through the article and thought it was great. While giving it a try I found a crash that might be worth noticing.

Steps to reproduce:

  1. Use biometrics to authenticate
  2. On the AuthorizedFragment hit back
  3. Land in the "login" page again and the prompt opens up
  4. Use Biometrics again to authenticate
  5. See the Stack Trace below

Tested in both Android API 28 and 29

The reason is that we are using the same crypto object to authenticate twice, because when you go back and re-subscribe to the biometricParams live data it's sending the previous params.

Process: com.redmadrobot.authenticateme, PID: 18327
    java.lang.Error: javax.crypto.IllegalBlockSizeException
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1173)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
        at java.lang.Thread.run(Thread.java:919)
     Caused by: javax.crypto.IllegalBlockSizeException
        at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:519)
        at javax.crypto.Cipher.doFinal(Cipher.java:2055)
        at com.redmadrobot.authenticateme.unauthorized_zone.login.pin.input.InputPinViewModel$authenticationCallback$1.onAuthenticationSucceeded(InputPinViewModel.kt:53)
        at androidx.biometric.BiometricFragment$2$2.run(BiometricFragment.java:138)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641) 
        at java.lang.Thread.run(Thread.java:919) 
     Caused by: android.security.KeyStoreException: Key user not authenticated
        at android.security.KeyStore.getKeyStoreException(KeyStore.java:1292)
        at android.security.keystore.KeyStoreCryptoOperationChunkedStreamer.update(KeyStoreCryptoOperationChunkedStreamer.java:132)
        at android.security.keystore.KeyStoreCryptoOperationChunkedStreamer.doFinal(KeyStoreCryptoOperationChunkedStreamer.java:217)
        at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:506)
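Added example (not code from the repository): one way to avoid the reuse described in this issue is to initialise a fresh Cipher from the Keystore key every time a prompt is about to be shown, and to publish the resulting CryptoObject as a one-shot event instead of a sticky LiveData value. The key alias, the key-generation parameters, the OneShot wrapper and the ViewModel method names are assumptions here.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import androidx.biometric.BiometricPrompt
import androidx.lifecycle.MutableLiveData
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey

// Assumed alias; the repository's own alias is not shown on this page.
private const val KEY_ALIAS = "example_biometric_key"
private const val TRANSFORMATION = "AES/GCM/NoPadding"

// Loads (or creates) an AES key usable only after biometric authentication.
// With no validity duration, an authorised Cipher covers exactly one operation,
// so reusing it for a second prompt ends in "Key user not authenticated".
fun biometricKey(): SecretKey {
    val ks = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
    (ks.getKey(KEY_ALIAS, null) as? SecretKey)?.let { return it }
    val spec = KeyGenParameterSpec.Builder(
        KEY_ALIAS, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    )
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setUserAuthenticationRequired(true)
        .setInvalidatedByBiometricEnrollment(true)
        .build()
    return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore")
        .apply { init(spec) }.generateKey()
}

// A fresh Cipher per prompt: never cache the instance across authentications.
fun freshCryptoObject(): BiometricPrompt.CryptoObject {
    val cipher = Cipher.getInstance(TRANSFORMATION)
    cipher.init(Cipher.ENCRYPT_MODE, biometricKey())
    return BiometricPrompt.CryptoObject(cipher)
}

// One-shot wrapper (assumed): a re-subscribing observer sees the value at
// most once, so returning to the login screen cannot replay stale params.
class OneShot<T>(private val value: T) {
    private var consumed = false
    fun consume(): T? = if (consumed) null else { consumed = true; value }
}

// In the ViewModel (assumed names): a new CryptoObject for every prompt request.
val biometricParams = MutableLiveData<OneShot<BiometricPrompt.CryptoObject>>()
fun requestBiometricPrompt() { biometricParams.value = OneShot(freshCryptoObject()) }
```

The observer calls consume() and shows the prompt only on a non-null result, so the back-navigation sequence from the steps above yields a second, independently authorised Cipher instead of the spent one.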

[Question] - Do we need cipher?

Hello,

First of all, awesome article and even awesome repo. Just a quick question:
Since nowadays we have EncryptedSharedPreferences, do we really need to use Pbkdf2Factory and all that logic of encoding and decoding to safely store the PIN? In your sample you end up using EncryptedSharedPreferences, but you use another security layer on top of it. Is it just another security layer, or does it have other purposes?

Thanks.
