googlearchive/android-FingerprintDialog

FingerPrint mechanism and fingerprint deletion affect behaviour

srxtw opened this issue · 3 comments

srxtw commented

Hello,
We are a team that is going to integrate fingerprint into an important business flow like buying stuff.

We are testing the behaviour/mechanism on your fingerprintDialog app with the Android M simulator in Android Studio.

We found the following issues, and we are worried that they would affect users, and we are confused about the mechanism.

  1. FingerPrint Deletion.
    a) After I deleted a fingerprint, the fingerprint is always on the list, and sometimes it is really deleted (say it does not pass the fingerprint detection),
    but sometimes not (I tested it with the adb -s command)
    b) After we have five fingerprints, as the deletion never helps, we won't have a way to add a fingerprint
    unless we delete the emulator.

  2. FingerPrint Deletion affects the FingerPrint mechanism
    After we do the deletion as described in 1),
    the fingerprint behaviour sometimes becomes strange.
    a) When I add a fingerprint, previous fingerprints are invalidated
    (say the operation is Add F1 -> Delete F1 -> Add F2 -> Add F3, the adding of F3 makes
    F2 invalidated, which is a bit strange).
    b) When I add a new fingerprint, the initCipher (testing if the fingerprint set is changed or not) does not work.
    Say I Add F1 -> Delete F1 -> Add F2 -> Add F3,
    After Add F3, it would not show the dialog to let the user input the password, but
    just lets him input a fingerprint

Summary:
It looks like every strange behaviour is due to a bug in the deletion of fingerprints.
Do you have any suggestion about what emulator or device we should use for
testing fingerprint behaviour?

Thanks!

Hi,

As for the first one, both seem to be bugs with the emulator.
If you try it with a physical device, both should not happen.
Sorry for the inconvenience.

As for 2-a, it is expected behavior that adding a new fingerprint invalidates the previous fingerprints. To be precise, the use of the created key is invalidated.
E.g. if there are registered fingerprints F1 and F2, then you create a key with .setUserAuthenticationRequired set to true in KeyGenParameterSpec.Builder. After adding a fingerprint (F3), the use of the created key is invalidated unless you re-create the key.

2-b is not expected behavior. As I commented previously, adding a new fingerprint invalidates the use of the keys created with the previously registered fingerprints.
As far as I tried with both an emulator and a physical device, after adding a new fingerprint, the sample app asks for the password (with a checkbox "Use fingerprint in the future").
Is it always reproducible, or does it only sometimes happen? Anyway, if it happens, it would be appreciated if you could create a bug on b.android.com

Thanks.
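
The key lifecycle described in the reply above, as an added example that is not part of the thread and is not the sample app's own code: a key created with setUserAuthenticationRequired(true) becomes permanently unusable once the enrolled fingerprint set changes, and the app detects this when initialising the cipher. The class name, key alias and AES/CBC parameters are assumptions made for this example.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.KeyProperties;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

/** Hypothetical helper; class name and key alias are assumptions for this example. */
public final class PurchaseKeyGuard {
    private static final String KEY_ALIAS = "purchase_confirmation_key"; // assumed alias
    private static final String PROVIDER = "AndroidKeyStore";

    /** Creates (or replaces) a key bound to the fingerprints enrolled right now. */
    public static void createKey() throws GeneralSecurityException {
        KeyGenerator generator =
                KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, PROVIDER);
        generator.init(new KeyGenParameterSpec.Builder(KEY_ALIAS,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
                .setUserAuthenticationRequired(true) // key use requires fingerprint auth
                .build());
        generator.generateKey();
    }

    /**
     * Returns a Cipher to wrap in FingerprintManager.CryptoObject, or null when the
     * key is missing or was invalidated by an enrollment change. On null the caller
     * must verify the user another way (e.g. password) before calling createKey().
     */
    public static Cipher initCipherOrNull() throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(PROVIDER);
        keyStore.load(null);
        SecretKey key = (SecretKey) keyStore.getKey(KEY_ALIAS, null);
        if (key == null) {
            return null; // no key yet: handle like an invalidated key
        }
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
        try {
            cipher.init(Cipher.ENCRYPT_MODE, key);
            return cipher;
        } catch (KeyPermanentlyInvalidatedException e) {
            keyStore.deleteEntry(KEY_ALIAS); // key can never be used again; drop it
            return null;
        }
    }
}
```

For a purchase flow, the password fallback on a null result is the security-relevant step: re-creating the key without it would let a newly enrolled fingerprint authorise payments immediately.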

srxtw commented

Hello,
Thanks for your explanation, and we will try to find a device to test with.

For 2-a
Sorry that my explanation was confusing.
I totally understand that adding a new fingerprint would need the key to be re-created,
and it is my expected behaviour.
What I mean is, after adding F3, it prompts a dialog to let me input the password,
but after that, I can't use F2 to pass the fingerprint test because the deletion of F1 affects the behavior.

My key point is that the deletion of fingerprint F1 makes F2 also unavailable after I added F3.
Here unavailable means you can't pass the fingerprint verification.
My expected behavior is that it would prompt a dialog and after it,
I should be able to use F2 to verify because I didn't delete it, but
the re-created key does not verify F2 successfully.

For 2-b,
It is not always reproducible, and I need to do complicated operations like
Add F1 -> Delete F1 -> Add F2 -> Delete F2 to make it happen.

I think you can reproduce it if you do a complicated add-delete combo.

Thanks for your cooperation!

Sorry, I misunderstood 2-a.
Sounds like it's also an issue with the emulator. When you create a key, the fingerprints registered at that point should be used.
I'll raise an issue for the emulator.