eu-digital-green-certificates/dgca-wallet-app-android

Wallet-app login dialog wrongly claims to be biometric even when it is not.

Opened this issue · 0 comments

Description

The wallet-app is protected by a login dialog. Depending on the device's features, the dialog is protected by biometrics or by another device unlock method (PIN, pattern or password). However, it always claims to be a biometric login, even on phones that do not support biometrics.

In class AuthFragment:

```kotlin
val prompt = BiometricPrompt.PromptInfo.Builder()
    .setTitle(getString(R.string.biometric_dialog_title))
    .setSubtitle(getString(R.string.biometric_dialog_subtitle))
```

It always uses these hardcoded values:

- Biometric login
- Log in using your biometric credential

This security feature wrongly advertises itself and gives a false sense of security.

Impact

The wallet-app login suggests biometric-level security on non-biometric devices.

Possible Fix

Recommendation:
• Change the login screen text and design accordingly on non-biometric devices.
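One way to implement the recommendation, as an added example that is not the project's code: query `BiometricManager` for what the device can actually do before building the `PromptInfo`, and pick the dialog text from that. The `credential_dialog_*` string resources and the `UnlockMethod` enum are assumptions; `biometric_dialog_title` / `biometric_dialog_subtitle` are the resources quoted in the issue.

```kotlin
import android.content.Context
import androidx.biometric.BiometricManager
import androidx.biometric.BiometricManager.Authenticators.BIOMETRIC_STRONG
import androidx.biometric.BiometricManager.Authenticators.BIOMETRIC_WEAK
import androidx.biometric.BiometricManager.Authenticators.DEVICE_CREDENTIAL
import androidx.biometric.BiometricPrompt

// Hypothetical classification of what the device can offer for unlocking.
enum class UnlockMethod { BIOMETRIC, DEVICE_CREDENTIAL, NONE }

// Decide what the device really supports instead of assuming biometrics.
// Checked in a separate function so the decision is unit-testable with a
// mocked BiometricManager.
fun unlockMethodFor(manager: BiometricManager): UnlockMethod = when {
    manager.canAuthenticate(BIOMETRIC_STRONG) ==
        BiometricManager.BIOMETRIC_SUCCESS -> UnlockMethod.BIOMETRIC
    // DEVICE_CREDENTIAL alone is unsupported before API 30, so the
    // combination with BIOMETRIC_WEAK is queried instead; on a device with
    // no biometric hardware this falls through to PIN/pattern/password.
    manager.canAuthenticate(BIOMETRIC_WEAK or DEVICE_CREDENTIAL) ==
        BiometricManager.BIOMETRIC_SUCCESS -> UnlockMethod.DEVICE_CREDENTIAL
    else -> UnlockMethod.NONE
}

// Build the prompt with text that matches the method actually in use.
// Note: when DEVICE_CREDENTIAL is among the allowed authenticators,
// setNegativeButtonText() must not be called (the library rejects it).
fun buildPromptInfo(context: Context, method: UnlockMethod): BiometricPrompt.PromptInfo {
    val builder = BiometricPrompt.PromptInfo.Builder()
    when (method) {
        UnlockMethod.BIOMETRIC -> builder
            .setTitle(context.getString(R.string.biometric_dialog_title))
            .setSubtitle(context.getString(R.string.biometric_dialog_subtitle))
            .setAllowedAuthenticators(BIOMETRIC_STRONG or DEVICE_CREDENTIAL)
        UnlockMethod.DEVICE_CREDENTIAL -> builder
            // Hypothetical resources, e.g. "Device unlock" /
            // "Log in using your device PIN, pattern or password".
            .setTitle(context.getString(R.string.credential_dialog_title))
            .setSubtitle(context.getString(R.string.credential_dialog_subtitle))
            .setAllowedAuthenticators(BIOMETRIC_WEAK or DEVICE_CREDENTIAL)
        // No secure lock screen at all: do not show a prompt that implies one.
        UnlockMethod.NONE -> throw IllegalStateException("no device unlock method available")
    }
    return builder.build()
}

// Usage from the fragment (hypothetical call site):
// val method = unlockMethodFor(BiometricManager.from(requireContext()))
// val promptInfo = buildPromptInfo(requireContext(), method)
```

The `NONE` branch is where the caller should show an explanatory screen rather than the login dialog, since a device without any secure lock screen cannot protect the wallet at all.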