Fixed
Status Update
No update yet.
Comments
vi...@google.com
vi...@google.com
Hi Ed, Thank you so much for these suggestions. I've been reviewing them and merging them in. Hopefully it should be live. I've included a thank you note too in the article.
ma...@gmail.com
Great! Thanks a lot, I'll look for the live updates soon!
ma...@gmail.com
But I do not have issue if I remove "setDeviceCredentialAllowed", that's what make me thing there is something wrong
Steps to reproduce:
- Fingerprint configured in settings
- Biometric prompt showing
- Tap on cancel
- Tap on Toast button
- Toast is showing
Scenario 2:
- Device credential configured (Pattern)
- Biometric prompt showing pattern authentication
- Tap on Cancel
- Tap on Toast button
- Activity is not responding (can't tap on button)
Behaviour is not the same between biometric and credentials authentication
Steps to reproduce:
- Fingerprint configured in settings
- Biometric prompt showing
- Tap on cancel
- Tap on Toast button
- Toast is showing
Scenario 2:
- Device credential configured (Pattern)
- Biometric prompt showing pattern authentication
- Tap on Cancel
- Tap on Toast button
- Activity is not responding (can't tap on button)
Behaviour is not the same between biometric and credentials authentication
kc...@google.com
Assigning back to triage queue so it's not lost in mine, will take a look soon.
cu...@google.com
mathieumolette@gmail.com: You're right that this is likely caused by invoking BiometricPrompt in onResume, causing an authentication loop. But the specific side effect of having the transparent handling activity get stuck onscreen is definitely not intended and ideally shouldn't be this easy to run into. I'll look into making this more robust.
cu...@google.com
ap...@google.com
Project: platform/frameworks/support
Branch: androidx-master-dev
commit a9cbd7e42fd38c18395c23fd17622c731c60c724
Author: Curtis Belmonte <curtislb@google.com>
Date: Mon Oct 28 11:00:33 2019
Fix leak of biometric credential handler activity
Due to a race condition, which can be triggered by launching
BiometricPrompt immediately after it's dismissed (e.g., by calling
authenticate() in onResume() or onCreate()), it's currently possible for
the transparent DeviceCredentialHandlerActivity to get stuck onscreen.
This results in no visible change but consumes all touch events until
the user presses back or pauses the activity.
This commit fixes the issue of the activity getting stuck onscreen by
ensuring that DeviceCredentialHandlerActivity is finished (without an
explicit authentication result) in this case.
Test: Have sample app call BiometricPrompt#authenticate() in onResume()
Before: After first auth, transparent activity is stuck onscreen
After: After first auth, the prompt launches again successfully
Fixes: 143091227
Change-Id: Id11918662be4634c017094806816a990e84ffd62
M biometric/src/main/java/androidx/biometric/DeviceCredentialHandlerActivity.java
https://android-review.googlesource.com/1151594
https://goto.google.com/android-sha1/a9cbd7e42fd38c18395c23fd17622c731c60c724
Branch: androidx-master-dev
commit a9cbd7e42fd38c18395c23fd17622c731c60c724
Author: Curtis Belmonte <curtislb@google.com>
Date: Mon Oct 28 11:00:33 2019
Fix leak of biometric credential handler activity
Due to a race condition, which can be triggered by launching
BiometricPrompt immediately after it's dismissed (e.g., by calling
authenticate() in onResume() or onCreate()), it's currently possible for
the transparent DeviceCredentialHandlerActivity to get stuck onscreen.
This results in no visible change but consumes all touch events until
the user presses back or pauses the activity.
This commit fixes the issue of the activity getting stuck onscreen by
ensuring that DeviceCredentialHandlerActivity is finished (without an
explicit authentication result) in this case.
Test: Have sample app call BiometricPrompt#authenticate() in onResume()
Before: After first auth, transparent activity is stuck onscreen
After: After first auth, the prompt launches again successfully
Fixes: 143091227
Change-Id: Id11918662be4634c017094806816a990e84ffd62
M biometric/src/main/java/androidx/biometric/DeviceCredentialHandlerActivity.java
Description
Android Studio 3.5.1
compileSdkVersion 29
minSdkVersion 21
targetSdkVersion 29
def biometric_version = "1.0.0-rc01"
implementation "androidx.biometric:biometric:$biometric_version"
Scenario 1:
- No biometric or device credentials (PIN, pattern, password) configured
- Biometric prompt not showing
- Activity is not responding (can't tap on button or textfields)
Scenario 2:
- Device credential configured (Pattern)
- Biometric prompt showing pattern authentication
- Tap on Cancel
- Activity is not responding (can't tap on button or textfields)
I can see in the logs "Authentication canceled by user" for both scenario
When fingerprint is configured ans prompt ask for fingerprint if I cancel the activity is responding
It occurs only for device credentials when setDeviceCredentialAllowed(true)