IssueTracker

DESCRIPTION:

The new biometric-ktx authentication APIs introduced in the 1.2.0-alpha versions have a critical issue that causes the app to crash when a user fails to authenticate using the correct fingerprint or biometric method multiple times (after the second try). This issue has been consistently reproduced across various devices, including the Pixel 8 Pro, Pixel 6a, and Xiaomi 12 and emulated devices, running Android 13 and Android 14. The issue occurrs in apps that are built using Kotlin, and the biometric-ktx library.

BUILD INFO

• Device type: Pixel 8 Pro, Pixel 6a and Xiaomi 12
• OS version: Android 13 (API 33) and Android 14 (API 34)
• Biometric library version: 1.2.0-alpha05 using the ktx version androidx.biometric:biometric-ktx:1.2.0-alpha05

STEPS TO REPRODUCE

1. Implement biometric authentication using the "new" API (e.g., Class2BiometricAuthPrompt)
2. Launch the application on a phone with fingerprint authentication enrolled
3. Try to authenticate using the wrong finger, twice
4. After the second try, the application will crash because of a java.lang.IllegalStateException: Already resumed, but proposed with update CompletedExceptionally[androidx.biometric.auth.AuthPromptFailureException]

EXPECTED RESULTS

Apps should not crash, but rather survive such authentication failure.

OBSERVED RESULTS

Apps crashes when using the new API (e.g., Class2BiometricAuthPrompt) after using the wrong finger twice.

NUMBER OF TIMES YOU WERE ABLE TO REPRODUCE (10/10)