-
Notifications
You must be signed in to change notification settings - Fork 838
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PM-15356: Resolve biometrics bypass #4448
Conversation
No New Or Fixed Issues Found |
6dfc5c9
to
3d65749
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This approach looks sound and equivalent to our Windows Hello approach. I don't really know the codebase so I'll leave it to others to approve
@@ -127,23 +131,23 @@ class SetupUnlockViewModel @Inject constructor( | |||
} | |||
} | |||
|
|||
private fun handleUnlockWithBiometricToggle( | |||
action: SetupUnlockAction.UnlockWithBiometricToggle, | |||
private fun handleUnlockWithBiometricToggleDisabled() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cb6b7e5
to
e27dee2
Compare
// Ignore result so biometrics function on devices that are in a state where key generation | ||
// is not functioning | ||
createCipherOrNull(userId) | ||
private fun destroyBiometrics(userId: String) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 like how you condensed this all here!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
e27dee2
to
666d88a
Compare
666d88a
to
d5d1078
Compare
d5d1078
to
96d190b
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #4448 +/- ##
=======================================
Coverage 88.87% 88.87%
=======================================
Files 460 460
Lines 39940 39961 +21
Branches 5691 5694 +3
=======================================
+ Hits 35497 35517 +20
+ Misses 2459 2458 -1
- Partials 1984 1986 +2 ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
96d190b
to
b7d256e
Compare
🎟️ Tracking
PM-15356
📔 Objective
This PR adds an extra layer of security to the biometrics prompt by signing the user key before storing it, meaning that only a real cipher from the Biometric Prompt can decrypt the data and unlock the vault.
⏰ Reminders before review
🦮 Reviewer guidelines
:+1:
) or similar for great changes:memo:
) or ℹ️ (:information_source:
) for notes or general info:question:
) for questions:thinking:
) or 💭 (:thought_balloon:
) for more open inquiry that's not quite a confirmedissue and could potentially benefit from discussion
:art:
) for suggestions / improvements:x:
) or:warning:
) for more significant problems or concerns needing attention:seedling:
) or ♻️ (:recycle:
) for future improvements or indications of technical debt:pick:
) for minor or nitpick changes