[PR #2498] [MERGED] [PM-1817] Expand biometric integrity checks to the account level #16350

New Issue

GiteaMirror · 2026-04-15T02:11:55-05:00

GiteaMirror commented

2026-04-15 02:11:55 -05:00

📋 Pull Request Information

Original PR: https://github.com/bitwarden/android/pull/2498
Author: @mpbw2
Created: 4/26/2023
Status: ✅ Merged
Merged: 5/1/2023
Merged by: @mpbw2

Base: master ← Head: bugfix/account-level-bio-integrity

📝 Commits (7)

d3fad51 Change bio integrity validation to work at account-level
a71fbca biometric state migration
5d6be9c fix account bio valid key storage location during migration
35db512 comment clarification
95156fc fix for iOS extensions not using custom avatar color
7a61ba9 Merge branch 'master' into bugfix/account-level-bio-integrity
77ba8c5 Merge branch 'master' into bugfix/account-level-bio-integrity

📊 Changes

22 files changed (+236 additions, -102 deletions)

View changed files

📝 src/Android/MainApplication.cs (+3 -2)
📝 src/Android/Services/BiometricService.cs (+33 -14)
📝 src/App/Pages/Accounts/LockPage.xaml (+1 -1)
📝 src/App/Pages/Accounts/LockPageViewModel.cs (+3 -2)
📝 src/App/Resources/AppResources.Designer.cs (+4 -4)
📝 src/App/Resources/AppResources.resx (+4 -4)
📝 src/App/Services/MobilePlatformUtilsService.cs (+15 -0)
📝 src/App/Services/MobileStorageService.cs (+4 -4)
📝 src/Core/Abstractions/IBiometricService.cs (+2 -2)
📝 src/Core/Abstractions/IPlatformUtilsService.cs (+1 -0)
📝 src/Core/Abstractions/IStateService.cs (+4 -0)
📝 src/Core/Constants.cs (+6 -4)
📝 src/Core/Services/StateMigrationService.cs (+93 -3)
📝 src/Core/Services/StateService.cs (+30 -0)
📝 src/iOS.Autofill/LockPasswordViewController.cs (+1 -1)
📝 src/iOS.Core/Controllers/BaseLockPasswordViewController.cs (+5 -4)
📝 src/iOS.Core/Controllers/LockPasswordViewController.cs (+5 -4)
📝 src/iOS.Core/Services/BiometricService.cs (+14 -47)
📝 src/iOS.Core/Utilities/AccountSwitchingOverlayHelper.cs (+2 -1)
📝 src/iOS.Core/Utilities/iOSCoreHelpers.cs (+3 -2)

...and 2 more files

📄 Description

Type of change

Bug fix
New feature development
Tech debt (refactoring, code cleanup, dependency upgrades, etc)
Build/deploy pipeline (DevOps)
Other

Objective

This modification tracks system-level biometric invalidation (new fingerprint/face added, etc.) at the account level by storing 'approval flags' with the user ID & representations of the current 'state' of biometrics in the following format:

 accountBiometricIntegrityValid_{userId}_{systemBioIntegrityState}

The presence of this key indicates to the app that this particular user is clear to use biometrics in the state provided. Once the state changes and the key is no longer valid, the user must re-enter their password to save a new key with the updated state for their user ID.

Android notes:

Our Android implementation never stored any kind of system biometric state because validation relies on key functions throwing specific exceptions. For this to work a state was added in the form of a GUID which is generated on biometric initialization if one doesn't already exist, and removed when invalidation occurs (to be re-generated on re-initialization). This follows the pattern already established by our iOS implementation.

iOS notes:

As state is process-specific, additional validation keys are used for iOS extensions so password re-entry is still required for each extension separate from the main app (same as now). I have a few thoughts on how to improve this experience but that's for later.

Code changes

Main changes:

BiometricService.cs: Init with StateService to give main app access to state and validation keys, utilize source key name in key generation, removed old migration as it should no longer be needed (iOS)
Mobile/PlatformUtilsService: Added IsBiometricIntegrityValidAsync to perform both system and account-level validation in a single method
StateService: Added getter/setter for system bio state and account bio key validation
StateMigrationService: Generate new bio state (android), migrate existing bio integrity to any existing accounts
AppResources: Add "for this account" phrasing to biometric invalidation prompt

Other:

LockPageViewModel: Apply BiometricButtonVisible after checking BiometricIntegrityValid to dynamically remove button if app is resumed (vs cold start) after bio state changes
AccountSwitchingOverlayHelper: Make use of custom avatar color in iOS extensions
Other: Lots of var renaming to discern between system and account level biometric validation as well as validation source vs key value

Before you submit

Please check for formatting errors (dotnet format --verify-no-changes) (required)
Please add unit tests where it makes sense to do so (encouraged but not required)
If this change requires a documentation update - notify the documentation team
If this change has particular deployment requirements - notify the DevOps team

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/bitwarden/android/pull/2498 **Author:** [@mpbw2](https://github.com/mpbw2) **Created:** 4/26/2023 **Status:** ✅ Merged **Merged:** 5/1/2023 **Merged by:** [@mpbw2](https://github.com/mpbw2) **Base:** `master` ← **Head:** `bugfix/account-level-bio-integrity` --- ### 📝 Commits (7) - [`d3fad51`](https://github.com/bitwarden/android/commit/d3fad518a1f586e5a293a662aa86f15ae94cebfb) Change bio integrity validation to work at account-level - [`a71fbca`](https://github.com/bitwarden/android/commit/a71fbca4c83e664f0127336847597329d814faf7) biometric state migration - [`5d6be9c`](https://github.com/bitwarden/android/commit/5d6be9cc957690fb6e968ca2e64a2e8f006ad8e2) fix account bio valid key storage location during migration - [`35db512`](https://github.com/bitwarden/android/commit/35db512f73bf2ec09d11e020f764d87b4047f9d8) comment clarification - [`95156fc`](https://github.com/bitwarden/android/commit/95156fc2cb9b9d61474bbbea19b5355317802efa) fix for iOS extensions not using custom avatar color - [`7a61ba9`](https://github.com/bitwarden/android/commit/7a61ba967cfae0b747e7b4179bfa5af3ec85393f) Merge branch 'master' into bugfix/account-level-bio-integrity - [`77ba8c5`](https://github.com/bitwarden/android/commit/77ba8c5ba049c3380a89512d7c8feca3bc0e802f) Merge branch 'master' into bugfix/account-level-bio-integrity ### 📊 Changes **22 files changed** (+236 additions, -102 deletions) <details> <summary>View changed files</summary> 📝 `src/Android/MainApplication.cs` (+3 -2) 📝 `src/Android/Services/BiometricService.cs` (+33 -14) 📝 `src/App/Pages/Accounts/LockPage.xaml` (+1 -1) 📝 `src/App/Pages/Accounts/LockPageViewModel.cs` (+3 -2) 📝 `src/App/Resources/AppResources.Designer.cs` (+4 -4) 📝 `src/App/Resources/AppResources.resx` (+4 -4) 📝 `src/App/Services/MobilePlatformUtilsService.cs` (+15 -0) 📝 `src/App/Services/MobileStorageService.cs` (+4 -4) 📝 `src/Core/Abstractions/IBiometricService.cs` (+2 -2) 📝 `src/Core/Abstractions/IPlatformUtilsService.cs` (+1 -0) 📝 `src/Core/Abstractions/IStateService.cs` (+4 -0) 📝 `src/Core/Constants.cs` (+6 -4) 📝 `src/Core/Services/StateMigrationService.cs` (+93 -3) 📝 `src/Core/Services/StateService.cs` (+30 -0) 📝 `src/iOS.Autofill/LockPasswordViewController.cs` (+1 -1) 📝 `src/iOS.Core/Controllers/BaseLockPasswordViewController.cs` (+5 -4) 📝 `src/iOS.Core/Controllers/LockPasswordViewController.cs` (+5 -4) 📝 `src/iOS.Core/Services/BiometricService.cs` (+14 -47) 📝 `src/iOS.Core/Utilities/AccountSwitchingOverlayHelper.cs` (+2 -1) 📝 `src/iOS.Core/Utilities/iOSCoreHelpers.cs` (+3 -2) _...and 2 more files_ </details> ### 📄 Description ## Type of change - [X] Bug fix - [ ] New feature development - [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [ ] Build/deploy pipeline (DevOps) - [ ] Other ## Objective  This modification tracks system-level biometric invalidation (new fingerprint/face added, etc.) at the account level by storing 'approval flags' with the user ID & representations of the current 'state' of biometrics in the following format: accountBiometricIntegrityValid_{userId}_{systemBioIntegrityState} The presence of this key indicates to the app that this particular user is clear to use biometrics in the state provided. Once the state changes and the key is no longer valid, the user must re-enter their password to save a new key with the updated state for their user ID. _Android notes:_ Our Android implementation never stored any kind of system biometric state because validation relies on key functions throwing specific exceptions. For this to work a state was added in the form of a GUID which is generated on biometric initialization if one doesn't already exist, and removed when invalidation occurs (to be re-generated on re-initialization). This follows the pattern already established by our iOS implementation. _iOS notes:_ As state is process-specific, additional validation keys are used for iOS extensions so password re-entry is still required for each extension separate from the main app (same as now). I have a few thoughts on how to improve this experience but that's for later. ## Code changes   _Main changes:_ * **BiometricService.cs:** Init with `StateService` to give main app access to state and validation keys, utilize source key name in key generation, removed old migration as it should no longer be needed (iOS) * **Mobile/PlatformUtilsService:** Added `IsBiometricIntegrityValidAsync` to perform both system and account-level validation in a single method * **StateService:** Added getter/setter for system bio state and account bio key validation * **StateMigrationService:** Generate new bio state (android), migrate existing bio integrity to any existing accounts * **AppResources:** Add "for this account" phrasing to biometric invalidation prompt _Other:_ * **LockPageViewModel:** Apply `BiometricButtonVisible` after checking `BiometricIntegrityValid` to dynamically remove button if app is resumed (vs cold start) after bio state changes * **AccountSwitchingOverlayHelper:** Make use of custom avatar color in iOS extensions * **Other:** Lots of var renaming to discern between system and account level biometric validation as well as validation source vs key value ## Before you submit - Please check for formatting errors (`dotnet format --verify-no-changes`) (required) - Please add **unit tests** where it makes sense to do so (encouraged but not required) - If this change requires a **documentation update** - notify the documentation team - If this change has particular **deployment requirements** - notify the DevOps team --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2026-04-15 02:11:55 -05:00

GiteaMirror closed this issue

2026-04-15 02:11:57 -05:00

Sign in to join this conversation.

Branches Tags

main

agalles/fdroid-only

sdlc/sdk-update

remove-retrofit-dependency

release/hotfix-v2026.4.1-bwpm

beta-for-qa

target-sdk-37

PM-33982/build-device-screen

new-item-types/PM-32806_passport

new-item-types/PM-32808_drivers-license

BWA-99/show-next-totp

BWA-99/add-preview-next-totp-code-setting

renovate/glidecompose

sync-min-sdk

release/2026.4-rc51

fix/security-sast-22741894-bvwj

related-origin-passkey-creation

release/2026.4-rc50

platform/android-breaking-change-detection

innovation-sprint-2026-send-folder

release/2026.3-rc49

PM-34193-vault-lockout

android-collections

llm/add-resolving-sdk-updates-skill

QA-1523/sanity-test-saucelabs

release/2026.3-rc48

PM-26577-app-links-support

PM-26896-autofill-fix

release/2026.2-rc47

pr-6572

release/2026.2-rc46

release/2026.1-rc45

PM-30644/added-logs-for-debug

PM-30644/quicktile-nav-not-showing-migration

minor-gradle-updates

release/2026.1-rc42

release/2026.1-rc44

release/2026.1-rc43

PM-28834/set-landscape-on-horizonos-devices

PM-28468/validate-and-navigate-to-vault-migration

PM-20026/force-ltr-passwords-and-codes

release/2025.12-rc41

cmcg/testCoverage

PM-29014/talkback-support-for-passwords

release/2025.12-rc40

BRE-1305/publish_test

accept-user-certs

autofill-permissions

release/2025.11-rc39

PM-22479/check-all-certificates-validate-asset-links

release/2025.10-rc38

agalles/android-latest

retro-agent

PM-27001/skip-account-selection-only-one-exists-cxp

release/2025.10-rc37

agalles/test-1118

release/2025.10-rc36

PM-20593-token-refresh

QA-1126b/adding-native-sanity-test

release/2025.9-rc35

pm-25933/sdk-update-password

release/2025.9-rc34

release/2025.8-rc33

agalles/20250821-release

debug-release-issues

pm-24249-allow-automated-prs-for-sdk-updates

release/2025.8-rc32

release/WORKFLOW-TEST-2025.8-rc28

agalles/20250807release

release/2025.07-rc25

release/hotfix-v2025.7.0-bwa

pm-23311/export-vault-policy-bypass

release/2025.07-rc24

authenticator-pm-sync-flags-issue

release/hotfix-v2025.6.0-bwpm

release/2025.06-rc21

agalles/automate-android-fastlane-patch

release/2025.05-rc20

release/2025.04-rc19

languages/basque

release/2025.03-rc19

update-readme

qrcode/feature

innovation/archive/pm-19153-archive-items

qrcode/2-ui-fields

qrcode/1-page

hold-on-biometric-prompt-alternative

release-notes-process

release/2025.02-rc16

bwa-monorepo

PM-8223/new-device-verification-ux-improvements

pm-18451/exempt-from-policies

test-bwa

release/2025.01-rc15

release/2025.01-rc14

release/2024.12-rc13

pm-16670/sync-leave-notice

821

PM-16695/backport-lean-more-new-device-verification

release/hotfix-v2024.11.7

release/2024.11-rc1

pm-11304/collection-add-item-button

PM-14241/disabling-logs-app-crash

poc/offline-editing

new-version-calc

pm-11649/expired-link-services

pm-6702/add-feature-flag

pm-6702/email-verification-feature

pm-9933/marketing-copy-update

pm-6702/registration-flows

update-templates

pm-6701/email-verification-selfhost-registration

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/android#16350