Fixed
Status Update
Comments
cu...@google.com <cu...@google.com>
sh...@gmail.com <sh...@gmail.com> #2
For Samsung devices having iris sensor like S8, if the user sets iris as his preferred biometric, it works well with current biometricPrompt.
But, the error code delivered from onAuthenticationError callback is very weird.
E.g., if the sensor is hard to detect user's iris since the face is so close, then the ERROR_HW_NOT_PRESENT is returned.
So, this issue needs to be resolved also. Since I'm thinking that Samsung iris meets the CDD requirements, at least, the application can use iris properly.
kc...@google.com <kc...@google.com> #3
shinkieun@ could you file a new bug for that? A bugreport (adb bugreport foo.zip) and repro steps will be needed
ko...@gmail.com <ko...@gmail.com> #4
Are you able to open public (view and/or comment) access to that spreadsheet so we can see what devices are included?
Thanks!
ga...@gtempaccount.com <ga...@gtempaccount.com> #5
> For Samsung devices having iris sensor like S8, if the user sets iris as his preferred biometric, it works well with current biometricPrompt.
It's not actually true. In my tests, it will prompt you to scan your finger rather than scan your face, even though system settings asked for face scan. Also, we can observe the UserNotAuthenticatedException happening under the hood. S8, S9, S10 all have it.
oy...@gmail.com <oy...@gmail.com> #6
I'm using androidx.biometric:biometric:1.0.0-rc01, and I'm having trouble with all my Samsung devices:
Samsung Galaxy A20e (Android 9, latest update)
- Fingerprint: Works fine
- Face recognition: android.security.KeyStoreException: Key user not authenticated
Samsung Galaxy Note8 (Android 9, latest update)
- Fingerprint: Works fine
- Iris: Works fine
- Face recognition: android.security.KeyStoreException: Key user not authenticated
Samsung Galaxy S9 (Android 9, latest update)
- Fingerprint: Works fine
- Iris: Works fine
- Intelligent Scan: Works fine
- Face recognition: BiometricPrompt.ERROR_NO_BIOMETRICS in onAuthenticationError in BiometricPrompt.AuthenticationCallback()
Samsung Galaxy S10 (Android 9, latest update)
- Fingerprint: Works fine
- Face recognition: BiometricPrompt.ERROR_NO_BIOMETRICS in onAuthenticationError in BiometricPrompt.AuthenticationCallback()
I don't understand how Samsung can use other than fingerprint on Android 9 when this page: https://source.android.com/security/biometric clearly states that Android 9 includes fingerprint integration for BiometricPrompt only.
ga...@gtempaccount.com <ga...@gtempaccount.com> #7
Samsung confirmed to me this:
"From Android 10, Preferred biometric will be removed. BiometricPrompt will always show Fingerprint authentication by default.
The current plan to roll out Android 10 is late this year or early next year."
Basically, the original plan was to let the end user choose his preferred biometric method, but (copying Apple) Google now goes for either fingerprint or Face ID. E.g. the new Pixel 4 is Face ID only.
ap...@google.com <ap...@google.com> #8
Project: platform/frameworks/support
Branch: androidx-master-dev
commit e0ddc6a9ef6fcb8a8a97817220ebaa5297fafb31
Author: Curtis Belmonte <curtislb@google.com>
Date: Tue Oct 08 11:02:50 2019
Add device list to dismiss fingerprint dialog instantly
Introduces a list of device models for which FingerprintDialogFragment
should be dismissed immediately on receiving an error or cancel signal.
This makes for a better user experience on devices that, for example,
provide custom overlays during fingerprint authentication.
Test: Manually, using crypto-bound key demo in support demo app
Bug: 142150327
Change-Id: Ic08bebb29f75aba98daf68a67b7c38c37bdb69dc
M biometric/res/values/devices.xml
M biometric/src/main/java/androidx/biometric/FingerprintDialogFragment.java
M biometric/src/main/java/androidx/biometric/FingerprintHelperFragment.java
M biometric/src/main/java/androidx/biometric/Utils.java
https://android-review.googlesource.com/1137656
https://goto.google.com/android-sha1/e0ddc6a9ef6fcb8a8a97817220ebaa5297fafb31
ap...@google.com <ap...@google.com> #9
Project: platform/frameworks/support
Branch: androidx-master-dev
commit 93823c71dc8fcc577814c74f5e40793e6eb2a0c1
Author: Curtis Belmonte <curtislb@google.com>
Date: Mon Oct 07 14:29:40 2019
Add device list to force crypto auth via fingerprint
Introduces a list of device models for which
BiometricPrompt#authenticate will launch FingerprintDialogFragment
instead of BiometricFragment when called with a crypto object. This
is intended to work around an issue on some devices where crypto-based
authentication can be launched with weak biometrics.
Test: Manually using crypto-bound key demo in support demo app
Bug: 142150327
Change-Id: I1ff043ed0e7f7a72e3dab79fe54142480baac3a3
A biometric/res/values/devices.xml
M biometric/src/main/java/androidx/biometric/BiometricPrompt.java
M biometric/src/main/java/androidx/biometric/Utils.java
https://android-review.googlesource.com/1137655
https://goto.google.com/android-sha1/93823c71dc8fcc577814c74f5e40793e6eb2a0c1
ap...@google.com <ap...@google.com> #10
Project: platform/frameworks/support
Branch: androidx-master-dev
commit 48887dbde866b1473fdb924e9b0509bd0114f7e4
Author: Curtis Belmonte <curtislb@google.com>
Date: Wed Oct 16 14:42:06 2019
Add Samsung devices to biometric workaround lists
Adds prefixes for Samsung devices that are known to present weak
biometrics when calling BiometricPrompt#authenticate(PromptInfo,
CryptoObject) on API 28 and 29. This allows developers calling into the
BiometricPrompt API through the AndroidX library to work around the
issue on these devices and their variants.
Test: Manually tested with Samsung devices in biometric demo app.
Bug: 142150327
Change-Id: Ia11672db30806ae41f37461ccbcbce758121573e
M biometric/res/values/devices.xml
https://android-review.googlesource.com/1145111
https://goto.google.com/android-sha1/48887dbde866b1473fdb924e9b0509bd0114f7e4
ap...@google.com <ap...@google.com> #11
Project: platform/frameworks/support
Branch: androidx-master-dev
commit 10435ab81f5e20d69a4780eb7f1f713ac9762961
Author: Curtis Belmonte <curtislb@google.com>
Date: Wed Oct 16 14:33:20 2019
Update biometric workaround to use model prefixes
Makes the existing device-specific workaround to fall back to
FingerprintDialogFragment more general by updating it to expect device
model prefixes, rather than exact string device models to match against.
This allows us to cover device variants with different model suffixes.
Test: Manually, using the biometric support demo app.
Bug: 142150327
Change-Id: I3a109b8bdcf8a4bf59597cb99bf6b702734166cb
M biometric/res/values/devices.xml
M biometric/src/main/java/androidx/biometric/Utils.java
https://android-review.googlesource.com/1145110
https://goto.google.com/android-sha1/10435ab81f5e20d69a4780eb7f1f713ac9762961
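The routing described in #9 and the switch from exact models to prefixes described in #11, as an added example that is not the AndroidX code: it picks a fragment for a crypto-bound authenticate call from the model string, once with exact matching and once with prefix matching. The class name, the `route` helper and every model string are constructed for illustration and are not the contents of devices.xml.

```java
import java.util.Arrays;
import java.util.List;

// Added sketch of the device-list routing described in #9 and #11; not AndroidX code.
public class CryptoFallbackSketch {

    enum Route { FINGERPRINT_DIALOG_FRAGMENT, BIOMETRIC_FRAGMENT }

    // Exact matching: each model variant has to be listed separately.
    static boolean matchesExact(String model, List<String> models) {
        return model != null && models.contains(model);
    }

    // Prefix matching (#11): one entry covers every variant that shares the prefix.
    static boolean matchesPrefix(String model, List<String> prefixes) {
        if (model == null) {
            return false;
        }
        for (String prefix : prefixes) {
            // An empty entry would match every device, so it is skipped.
            if (!prefix.isEmpty() && model.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    // Per #9, only calls that carry a crypto object are rerouted.
    static Route route(boolean hasCryptoObject, boolean modelOnList) {
        return hasCryptoObject && modelOnList
                ? Route.FINGERPRINT_DIALOG_FRAGMENT
                : Route.BIOMETRIC_FRAGMENT;
    }

    public static void main(String[] args) {
        // Constructed sample values, not the contents of devices.xml.
        List<String> exactModels = Arrays.asList("SM-G950F");
        List<String> prefixes = Arrays.asList("SM-G950");
        // On a device the model string would come from android.os.Build.MODEL.
        String[] models = {"SM-G950F", "SM-G950U", "SM-A705FN"};

        for (String model : models) {
            Route byExact = route(true, matchesExact(model, exactModels));
            Route byPrefix = route(true, matchesPrefix(model, prefixes));
            System.out.printf("%-10s exact=%s prefix=%s%n", model, byExact, byPrefix);
        }
        // A model on neither list keeps the BiometricFragment route with the
        // crypto object attached, which is the case later comments report.
        System.out.println("no crypto: " + route(false, true));
    }
}
```

The second constructed model is only rerouted under prefix matching, and the third matches neither list and stays on BiometricFragment, so a list of this kind protects only the models someone has already added.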
an...@google.com <an...@google.com> #12
The following changes were cherrypicked through Coastguard (https://android-build.googleplex.com/coastguard/ )
Release Track: (https://android-build.googleplex.com/coastguard/dashboard/5176090922385408/#/cherrypickHistory/all )
Created: 2019-10-17 01:13:42.291290+00:00
Changes: aosp/1145123, aosp/1145121, aosp/1145122, aosp/1145119
cu...@google.com <cu...@google.com> #13
Fix is merged and will be in the 1.0.0-rc02 release.
ba...@gmail.com <ba...@gmail.com> #14
Hi. Appreciate the good job being done to cater for rebellious OEMs like Samsung. Please, any idea when the rc02 release is scheduled for? I kinda have my PM on my neck and a precise date or date range even will go a long way in keeping her calm rn.
kc...@google.com <kc...@google.com> #15
RC02 is scheduled for 10/23
ba...@gmail.com <ba...@gmail.com> #16
Thank you very much.
oy...@gmail.com <oy...@gmail.com> #17
I looked at the list (biometric/res/values/devices.xml) and I'm a little concerned that there are other Samsung devices with face recognition that are not covered.
In the list the following devices are blacklisted:
- Samsung Galaxy S8/S8+
- Samsung Galaxy S9/S9+
- Samsung Galaxy S10/S10+
- Samsung Galaxy Note 8
- Samsung Galaxy Note 9
- Samsung Galaxy Note 10/10+
- Samsung Galaxy A20/A20e
But, by doing some quick research, I found that some other models also include face recognition:
- Samsung Galaxy S10e
- Samsung Galaxy A8/A8+
- Samsung Galaxy A9
- Samsung Galaxy A10
- Samsung Galaxy A40
- Samsung Galaxy A50
- Samsung Galaxy A70
Probably many others include face recognition as well. I can't rely on this blacklisting if you have to add every device to that list.
da...@gmail.com <da...@gmail.com> #18
"From Android 10, Preferred biometric will be removed. BiometricPrompt will always show Fingerprint authentication by default."
This is ridiculous. I use Iris all the time on my S8 and it's much preferred over Fingerprint or Face. Why is Google always trying to fix what ain't broke. There is irony in the fact that they even removed Fingerprint sensor from Pixel 4, yet that is the default now?
...and they wonder why Android gets a bad rap compared to IOS. Infuriating and backwards policies they force upon users/developers.
ev...@willowtreeapps.com <ev...@willowtreeapps.com> #19
"From Android 10, Preferred biometric will be removed. BiometricPrompt will always show Fingerprint authentication by default."
That is a Samsung policy, please complain to them.
ga...@gmail.com <ga...@gmail.com> #20
I think #18 is right in that Google messed up here.
1. Fingerprint API could handle Face ID (especially because it is one or the other), instead now you cannot login on Pixel 4 when an app is still on Fingerprint APIs
2. They wrote a new API instead for Face (again, there was no reason for it) AND intentionally blocked Samsung face tech out of it by categorizing them as "unsupported weak biometrics"
Samsung now says they will offer Iris on Android 10 but first you always get a fingerprint dialog and then you get a button or something within that dialog to go to Iris. Pretty UX, don't expect seamless logins. Even if your phone unlock is on Iris, you still get fingerprint every time.
sh...@gmail.com <sh...@gmail.com> #21
Since Android devices might have multi biometric sensors, it would be better to have something to support such biometrics.
oy...@gmail.com <oy...@gmail.com> #22
Today we released an update to our app which includes androidx.biometricprompt:1.0.0, and exactly what I commented on October 29th has happened:
A user with Samsung A70 (which is not blacklisted by Google) gets the UserNotAuthenticatedException because he has face recognition set as preferred biometrics, and tries to log into our app. You can't blacklist every Samsung device! You have to fix this another way!
ab...@gmail.com <ab...@gmail.com> #23
We are facing a similar issue on our app. We released a version with biometricprompt:1.0.0, but it looks like users on devices like Samsung A8 are still having issues. Google needs to put a proper fix for this issue instead of maintaining a weak device list.
[Deleted User] <[Deleted User]> #24
We are facing a similar issue in our app. Samsung devices where I have not set up any fingerprint but can unlock with face or iris are failing at key store usage with an exception. Need an update at AndroidX library fix and Google should release a security patch to address biometric library usage.
[Deleted User] <[Deleted User]> #25
I'm experiencing an ERROR_NO_BIOMETRICS error when using authenticate(CryptoObject) with face recognition set as preferred on Samsung A50 Android 9 with latest updates. Shouldn't Samsung use fingerprint as a fallback method?
Setting preferred method to fingerprint works great.
ab...@gmail.com <ab...@gmail.com> #26
Samsung A50 is not on the device list maintained by the Biometric Prompt API and hence it does not fall back to fingerprint. Google needs to fix this another way as mentioned in #22.
ab...@gmail.com <ab...@gmail.com> #27
How is everyone handling this scenario on Samsung devices not on the list and hence not falling back to fingerprint?
[Deleted User] <[Deleted User]> #28
If a Samsung user has face scan/iris enrolled and not fingerprint, is there a way to detect this? Using BiometricManager.canAuthenticate will return BIOMETRIC_SUCCESS, but that is kind of misleading as they will not be able to use the prompt. I would like the ability to not show biometrics as an option to the user, but seem kind of stuck. Am I not handling this correctly or does anyone else have the same issue?
Description
The long-term fix is to work with OEMs to resolve this issue, which is not the scope of this bug.
In the short term, we need to maintain a list of misbehaving devices, for which authenticate(CryptoObject) will temporarily invoke FingerprintManager (via FingerprintDialog/FingerprintHelper).
The purpose of this bug is to implement a whitelist to fall back to fingerprint. Once that's done, we'll add devices to the list in the next available release.