hieuvp/react-native-fingerprint-scanner

How to resolve "DeviceLockedPermanent"


I updated the library from v4 to v6.0.0 in my app. I am now using the new android API to use fingerprint for login.
During the testing process I entered my fingerprint too many times incorrectly, and now my fingerprint scan does not work anymore.
I am now constantly getting a DeviceLockedPermanent error.

In the Android docs (https://developer.android.com/reference/androidx/biometric/BiometricPrompt#ERROR_LOCKOUT_PERMANENT)
it is written: "Biometric authentication is disabled until the user unlocks with strong authentication (PIN/Pattern/Password)."

My question is: how can I trigger the "strong authentication" to resolve the DeviceLockedPermanent error?
Uninstalling the app does not work, only a complete simulator reset.

Looks like this system API, with `true` to allow for device credentials (non-biometric), would do it: https://developer.android.com/reference/androidx/biometric/BiometricPrompt.PromptInfo.Builder#setDeviceCredentialAllowed(boolean)

Attempt it by altering this line here directly to true and testing:

If it works you may either persist that change with patch-package (https://github.com/ds300/patch-package) so it works in your project immediately, or perhaps propose exposing that as a new optional parameter starting here

export default ({ title, subTitle, description, cancelButton, onAttempt }) => {
and plumbed through to the native method linked first, allowing callers to toggle it on or off?

@mikehardy thanks for your message.

I've tried your possible solution, but it didn't work. After entering +/- 20 times wrong credentials, reopening the BiometricPrompt is not possible anymore. I think your suggested change has to do with it, but I think there also has to be an event that tells Android that the alternative strong login succeeded.

@aaroncornelissen to "active listen" (to make sure I understand) and guess a bit:

  • I think you meant: you added the call to the native Android SDK API `BiometricPrompt.PromptInfo.Builder.setDeviceCredentialAllowed(true)`?
  • I think you meant: you are in a 'DeviceLockedPermanent' state with regard to biometrics on this device for this app (after approx. 20 fails)?
  • Here is the guess: now you can authenticate at least, but it's always with device credential; biometric is still not allowed?

If so, I think there is a little progress but obviously not ideal yet.

I saw a reference in AOSP source code to BiometricManager.resetLockout (https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/hardware/biometrics/BiometricManager.java) which seems like it would do the trick, but I'm not sure where you get the token it needs (presumably as a return value from a non-biometric unlock?) or how to call that API.

Searching hasn't been fruitful so far, but there was a mention of holding a wake lock until a hardware service finished a timeout (as in, the hardware service may allow more failures after X amount of time), so perhaps simply waiting after X failures is sufficient to avoid permanent lockout.

As a possible workaround, if biometric locks out after 20 times (!) perhaps the app could use async-storage and after 3-5 failed attempts (tracked via async-storage) it could switch to fallback PIN allowed, then after a couple more it could warn the user strongly not to use biometric, etc.? Just brainstorming.
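The failed-attempt fallback sketched in the last comment, as an added example that is not part of the thread or of the library's code: a persisted failure counter drives whether the next prompt should allow device credentials or warn the user. The `storage` object (AsyncStorage-shaped `getItem`/`setItem`/`removeItem`, stubbed in memory here), the key name and the two thresholds are assumptions.

```javascript
// Assumed thresholds: offer the PIN/pattern fallback after 3 failures,
// and warn the user away from biometrics after 5.
const FAIL_COUNT_KEY = 'biometric_fail_count';
const ALLOW_CREDENTIAL_AFTER = 3;
const WARN_AFTER = 5;

// In-memory stand-in for AsyncStorage so the example runs outside React Native.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: async (k) => (m.has(k) ? m.get(k) : null),
    setItem: async (k, v) => { m.set(k, v); },
    removeItem: async (k) => { m.delete(k); },
  };
}

// Pure policy: how the next prompt should be configured for a given failure count.
function policyFor(count) {
  if (count >= WARN_AFTER) return { deviceCredentialAllowed: true, warnUser: true };
  if (count >= ALLOW_CREDENTIAL_AFTER) return { deviceCredentialAllowed: true, warnUser: false };
  return { deviceCredentialAllowed: false, warnUser: false };
}

// Pure transition: a success clears the counter, a failure increments it.
function applyOutcome(count, succeeded) {
  return succeeded ? 0 : count + 1;
}

// Read the persisted counter; anything unparseable or negative is treated as 0.
async function getFailCount(storage) {
  const n = parseInt(await storage.getItem(FAIL_COUNT_KEY), 10);
  return Number.isFinite(n) && n >= 0 ? n : 0;
}

// Persist the outcome of one prompt and return the new counter value.
async function recordAttempt(storage, succeeded) {
  const next = applyOutcome(await getFailCount(storage), succeeded);
  if (next === 0) await storage.removeItem(FAIL_COUNT_KEY);
  else await storage.setItem(FAIL_COUNT_KEY, String(next));
  return next;
}

// Policy to apply when building the next prompt (e.g. the setDeviceCredentialAllowed flag).
async function nextPromptPolicy(storage) {
  return policyFor(await getFailCount(storage));
}
```

The counter is app-side bookkeeping only; it cannot clear the OS-level lockout, which still requires the strong-authentication unlock the Android docs describe.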