BiometricManager.canAuthenticate(BIOMETRIC_STRONG) has crashed once on API 29 [183319021]

Assigned

Bug

Status Update

No update yet.

Description

re...@gmail.com

created issue #1

Mar 22, 2021 04:06PM

BUILD INFO

Device type: Galaxy A71
OS version: Android 10
Biometric library version: 1.1.0

STEPS TO REPRODUCE

I'm not sure, as the issue came from our crash report system. It is just a random crash that happened after calling BiometricManager.canAuthenticate(BIOMETRIC_STRONG). It happened in the Settings screen of our app, which comes after the Login screen, which also calls the same method. In other words, it worked when it was first called, but then it failed later.

EXPECTED RESULTS

The call to BiometricManager.canAuthenticate(BIOMETRIC_STRONG) should not crash

OBSERVED RESULTS

Crash

NUMBER OF TIMES YOU WERE ABLE TO REPRODUCE (e.g. 3/10)

It happened only once with one user

LOGS

I see the following crash in our crash report system:

java.security.ProviderException: Keystore operation failed
  at android.security.keystore.AndroidKeyStoreKeyGeneratorSpi.engineGenerateKey(AndroidKeyStoreKeyGeneratorSpi.java:378)
  at javax.crypto.KeyGenerator.generateKey(KeyGenerator.java:612)
  at androidx.biometric.CryptoObjectUtils.createFakeCryptoObject(CryptoObjectUtils.java:256)
  at androidx.biometric.BiometricManager.canAuthenticateWithStrongBiometricOnApi29(BiometricManager.java:419)
  at androidx.biometric.BiometricManager.canAuthenticateCompat(BiometricManager.java:386)
  at {package}.fingerprint.BiometricUtils.getBiometricSupportLevelForLogin(BiometricUtils.java:3343)
  at androidx.biometric.BiometricManager.canAuthenticate(BiometricManager.java:343)
  at {package}.fingerprint.BiometricUtils.getBiometricSupportLevelForLogin(BiometricUtils.java:19)
  at {package}.domain.biometrics.GetBiometricsSupportForLoginInteractor.execute(GetBiometricsSupportForLoginInteractor.java:13)
  at {package}.ui.settings.SettingsViewModel$$special$$inlined$apply$lambda$1$1.invoke(SettingsViewModel.java:85)
  at {package}.ui.settings.SettingsViewModel$$special$$inlined$apply$lambda$1$1.invokeSuspend(SettingsViewModel.java:85)
  at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(BaseContinuationImpl.java:33)
  at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.java:106)
  at kotlinx.coroutines.scheduling.CoroutineScheduler.submitToLocalQueue(CoroutineScheduler.java:571)
  at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.java:571)
  at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.java:9738)
  Caused by: android.security.KeyStoreException: 16
    at android.security.KeyStore.getKeyStoreException(KeyStore.java:1538)
    at android.security.keystore.AndroidKeyStoreKeyGeneratorSpi.engineGenerateKey(AndroidKeyStoreKeyGeneratorSpi.java:378)
    at javax.crypto.KeyGenerator.generateKey(KeyGenerator.java:612)
    at androidx.biometric.CryptoObjectUtils.createFakeCryptoObject(CryptoObjectUtils.java:256)
    at androidx.biometric.BiometricManager.canAuthenticateWithStrongBiometricOnApi29(BiometricManager.java:419)
    at androidx.biometric.BiometricManager.canAuthenticateCompat(BiometricManager.java:386)
    at {package}.fingerprint.BiometricUtils.getBiometricSupportLevelForLogin(BiometricUtils.java:3343)
    at androidx.biometric.BiometricManager.canAuthenticate(BiometricManager.java:343)
    at {package}.fingerprint.BiometricUtils.getBiometricSupportLevelForLogin(BiometricUtils.java:19)
    at {package}.domain.biometrics.GetBiometricsSupportForLoginInteractor.execute(GetBiometricsSupportForLoginInteractor.java:13)
    at {package}.ui.settings.SettingsViewModel$$special$$inlined$apply$lambda$1$1.invoke(SettingsViewModel.java:85)
    at {package}.ui.settings.SettingsViewModel$$special$$inlined$apply$lambda$1$1.invokeSuspend(SettingsViewModel.java:85)
    at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(BaseContinuationImpl.java:33)
    at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.java:106)
    at kotlinx.coroutines.scheduling.CoroutineScheduler.submitToLocalQueue(CoroutineScheduler.java:571)
    at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.java:571)
    at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.java:9738)

Comments

ra...@gmail.com <ra...@gmail.com> #2Mar 23, 2021 05:56PM

It has crashed again, now on Galaxy S9 (Android: 10, Android Build: QP1A.190711.020, Model: SM-G960W)

java.security.ProviderException: Keystore operation failed
at android.security.keystore.AndroidKeyStoreKeyGeneratorSpi.engineGenerateKey(AndroidKeyStoreKeyGeneratorSpi.java:386)
at javax.crypto.KeyGenerator.generateKey(KeyGenerator.java:612)
at androidx.biometric.CryptoObjectUtils.createFakeCryptoObject(CryptoObjectUtils.java:256)
at androidx.biometric.BiometricManager.canAuthenticateWithStrongBiometricOnApi29(BiometricManager.java:419)
at androidx.biometric.BiometricManager.canAuthenticateCompat(BiometricManager.java:386)
at {packageName}.fingerprint.BiometricUtils.getBiometricSupportLevelForLogin(BiometricUtils.java:3343)
at androidx.biometric.BiometricManager.canAuthenticate(BiometricManager.java:343)
at {packageName}.fingerprint.BiometricUtils.getBiometricSupportLevelForLogin(BiometricUtils.java:19)
at {packageName}.domain.biometrics.GetBiometricsSupportForLoginInteractor.execute(GetBiometricsSupportForLoginInteractor.java:13)
at {packageName}.ui.settings.SettingsViewModel$$special$$inlined$apply$lambda$1$1.invoke(SettingsViewModel.java:85)
at {packageName}.ui.settings.SettingsViewModel$$special$$inlined$apply$lambda$1$1.invokeSuspend(SettingsViewModel.java:85)
at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(BaseContinuationImpl.java:33)
at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.java:106)
at kotlinx.coroutines.scheduling.CoroutineScheduler.submitToLocalQueue(CoroutineScheduler.java:571)
at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.java:571)
at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.java:9738)
Caused by: android.security.KeyStoreException: 16
at android.security.KeyStore.getKeyStoreException(KeyStore.java:1552)
at android.security.keystore.AndroidKeyStoreKeyGeneratorSpi.engineGenerateKey(AndroidKeyStoreKeyGeneratorSpi.java:386)
at javax.crypto.KeyGenerator.generateKey(KeyGenerator.java:612)
at androidx.biometric.CryptoObjectUtils.createFakeCryptoObject(CryptoObjectUtils.java:256)
at androidx.biometric.BiometricManager.canAuthenticateWithStrongBiometricOnApi29(BiometricManager.java:419)
at androidx.biometric.BiometricManager.canAuthenticateCompat(BiometricManager.java:386)
at {packageName}.fingerprint.BiometricUtils.getBiometricSupportLevelForLogin(BiometricUtils.java:3343)
at androidx.biometric.BiometricManager.canAuthenticate(BiometricManager.java:343)
at {packageName}.fingerprint.BiometricUtils.getBiometricSupportLevelForLogin(BiometricUtils.java:19)
at {packageName}.domain.biometrics.GetBiometricsSupportForLoginInteractor.execute(GetBiometricsSupportForLoginInteractor.java:13)
at {packageName}.ui.settings.SettingsViewModel$$special$$inlined$apply$lambda$1$1.invoke(SettingsViewModel.java:85)
at {packageName}.ui.settings.SettingsViewModel$$special$$inlined$apply$lambda$1$1.invokeSuspend(SettingsViewModel.java:85)
at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(BaseContinuationImpl.java:33)
at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.java:106)
at kotlinx.coroutines.scheduling.CoroutineScheduler.submitToLocalQueue(CoroutineScheduler.java:571)
at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.java:571)
at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.java:9738)

re...@gmail.com <re...@gmail.com> #3Mar 23, 2021 09:54PM

Again: Android: 10 Android Build: QP1A.190711.020 Manufacturer: samsung Model: SM-G781W

It seems that this issue happens on Samsung phones running Android 10.

re...@gmail.com <re...@gmail.com> #4Mar 24, 2021 06:05PM

I was able to reproduce the same issue using a Samsung Galaxy S20 running Android 10.

Basically, what I have to do to reproduce this issue was to register only Face Recognition (which is a weak authenticator) in the phone and then try to use the app that I'm implementing.

As soon as I registered a Fingerprint in the device, I was not able to reproduce this issue anymore.

Also, I've noticed that my app was also calling the same method twice because of the logic that I had on my observables.

In summary, the issue with BiometricManager.canAuthenticate(BIOMETRIC_STRONG) is easier to reproduce if the method is called more than once in a row and on a Samsung phone with only Face Recognition registered.

I don't think that calling the method multiple times is the root cause of this issue, but I think it makes easier to the reproduce the issue. Possibly, the error occurs because the biometrics framework is not ready/busy to process the request and returns a KeyStoreException: 16.

ag...@gmail.com <ag...@gmail.com> #5Aug 17, 2022 10:45AM

I am also facing this issue, any update on this?

ma...@gmail.com <ma...@gmail.com> #6Dec 7, 2022 03:56PM

Facing the same issue with Galaxy S9+ on Android 10.

wg...@gmail.com <wg...@gmail.com> #7Aug 10, 2023 08:31AM

I've seen many crashed like this only on samsung devices, i tried to communicate with samsung developers, but they wanted me to send them system trace from devices, but i don't have any.

https://issuetracker.google.com/issues/283009658

Issue 183319021