Status Update
Comments
py...@gmail.com <py...@gmail.com> #2
Note: I know alpha-02 has a fix for a biometric related leak:
However that change did not fix the leak reported here, as BiometricViewModel is still tied to the activity lifecycle no matter what and will hold the clientCallback reference until the activity is destroyed.
rb...@unwire.com <rb...@unwire.com> #3
ca...@gmail.com <ca...@gmail.com> #4
Can confirm that it still happens in 1.1.0-beta01
cu...@google.com <cu...@google.com>
ap...@google.com <ap...@google.com> #5
Branch: androidx-main
commit fcbbd9368d75b736de4b92d067be84421376b294
Author: Curtis Belmonte <curtislb@google.com>
Date: Wed Jan 20 15:54:34 2021
Reset BiometricViewModel callback in Fragment#onDestroy()
Currently, the client callback reference held by BiometricViewModel is
retained for the lifecycle of the hosting activity. In the (likely) case
that a client is using a fragment within that activity to host
BiometricPrompt and passes an AuthenticationCallback with a reference to
that fragment, this will cause the fragment to leak.
This commit applies a minimal fix for the issue by resetting the
callback reference held by the view model when the host fragment is
destroyed (via a LifecycleObserver). This shouldn't affect the prompt's
behavior across configuration changes such as device rotation, since the
callback should be reinitialized by the client in onCreate() or similar.
Test: Biometric integration test app on API 27-30.
Test: ./gradlew biometric:biometric:test
Test: ./gradlew biometric:biometric:connectedAndroidTest
Test: ./gradlew biometric:integration-tests:testapp:connectedAndroidTest
Bug: 167014923
Change-Id: I7086460fac3921a490f4e2abf0671adec5c146bd
M biometric/biometric/src/main/java/androidx/biometric/BiometricPrompt.java
M biometric/biometric/src/main/java/androidx/biometric/BiometricViewModel.java
cu...@google.com <cu...@google.com>
di...@gmail.com <di...@gmail.com> #6
I don't use Fragments and use a View-based solutions instead. I create prompt like this:
BiometricPrompt(requireActivity, myAuthCallback)
So it is tied to the activity and it still leaks my view-based screens (1.2.0-alpha02). Ideally there would be a way to reset this callback. Latest commit fixes this leak only for Fragments (sadly).
Is there any workaround maybe? Dirty (but working) ones would do too ;)
ja...@sharesies.co.nz <ja...@sharesies.co.nz> #7
An API allowing developers to pass in their own `LifecycleOwner` to set up the `ResetCallbackObserver` observer would be a relatively quick and easy fix for this. I'm more than happy to draft a change for this and submit it via GitHub!
te...@gmail.com <te...@gmail.com> #8
Any updates on this?
Description
Biometric library version:
1.1.0-alpha01
This bug was reported in Mozilla Fenix, but it's actually a leak in BiometricViewModel.
Mozilla Fenix bug report:https://github.com/mozilla-mobile/fenix/issues/13477
To reproduce, follow the official Android X sample code and add the sample code to a fragment. Display the login prompt, get the fragment destroyed, the fragment is now leaking
As soon as the fragment is destroyed, the leak triggers as the fragment cannot be garbage collected because the AuthenticationCallback implementation is retained.
Looking at the Android X sources , the callback is set in
BiometricPrompt
BiometricPrompt.init()
which is called from theBiometricPrompt
constructor and never unset.So, as it stands, there is no way to clear the callback, and
BiometricViewModel
is always created with an activity lifecycle, so the callback always has the lifecycle of the activity. This means that currently the library will leak any fragment it's used from.