BiometricPrompt causes crash when used on (non Samsung) API 28 device with no fingerprint sensor [151443237]

Fixed

Bug

[AOSP] assigned

Status Update

No update yet.

Description

em...@gmail.com

created issue #1

Mar 13, 2020 07:37PM

Looking at the source of BiometricPrompt it seems that it does not properly handle devices that are running API 28+ and do not have a fingerprint sensor.

Here is the if statement where the decision is made (line 716 of BiometricPrompt)

if (!shouldForceFingerprint && canUseBiometricFragment())

canUseBiometricFragment() only checks if the device is running API 28+ and shouldForceFingerprint is calculated mainly by shouldUseFingerprintforCrypto() . That method iterates through a list of devices that are considered not safe for crypto, all of them seem to be Samsung devices. The issue is that the code goes down the path of “I am running API 28 or grater so I am good to go” . This in turn tries to use the FingerprintManager class to get a string for the error during getErrorString(). This is null for our device since the hardware is not there. Devices that do not pass the if check from above (my Nexus 5 running API 23 for example) use the FingerprintHelperFragment and FingerprintDialogFragment classes to correctly handle not having a hardware sensor.

Here is the stacktrace of the issue:

Fatal Exception: java.lang.NullPointerException: Attempt to invoke virtual method 'java.lang.String android.hardware.fingerprint.FingerprintManager.getErrorString(int, int)' on a null object reference
at android.hardware.biometrics.BiometricPrompt.lambda$sendError$0(BiometricPrompt.java:490)
at android.hardware.biometrics.-$$Lambda$BiometricPrompt$HqBGXtBUWNc-v8NoHYsj2gLfaRw.run(-.java:6)
at android.os.Handler.handleCallback(Handler.java:873)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loop(Looper.java:193)
at android.app.ActivityThread.main(ActivityThread.java:6725)
at java.lang.reflect.Method.invoke(Method.java)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:911)

The code should not use BiometricFragment for this scenario or if it does, BiometricFragment should check internally before using the FingerprintManager. Probably, the best solution is to have the code handle this case to use FingerprintHelperFragment and FingerprintDialogFragment.

library version: androidx.biometric:biometric:1.0.1
device: ATT Radiant (running Android 9.0 Go)

Comments

vi...@google.com <vi...@google.com> Mar 16, 2020 04:38AM

Assigned to vi...@google.com.

vi...@google.com <vi...@google.com> Mar 16, 2020 06:46AM

Reassigned to an...@google.com.

em...@gmail.com <em...@gmail.com> #2May 4, 2020 04:19PM

Hi Ed, Thank you so much for these suggestions. I've been reviewing them and merging them in. Hopefully it should be live. I've included a thank you note too in the article.

cu...@google.com <cu...@google.com> Aug 17, 2020 10:43PM

Reassigned to cu...@google.com.

ap...@google.com <ap...@google.com> #3Sep 18, 2020 09:52PM

Marked as fixed.

Great! Thanks a lot, I'll look for the live updates soon!

ob...@gmail.com <ob...@gmail.com> #4Oct 31, 2022 07:16PM

Bvc

Issue 151443237