[PR #1162] [MERGED] Fix for missing biometric integrity check in iOS extensions under certain conditions #2775

New Issue

Closed

opened 2025-11-26 23:23:56 -06:00 by GiteaMirror · 0 comments

GiteaMirror commented 2025-11-26 23:23:56 -06:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/bitwarden/android/pull/1162
Author: @mpbw2
Created: 12/1/2020
Status: ✅ Merged
Merged: 12/1/2020
Merged by: @mpbw2

Base: master ← Head: bugfix-biochange-extension

---

📝 Commits (4)

• 2bdc6c7 Fix for biometric check in extension on fresh install
• 1dd60b7 make sure bio integrity values are written to pref storage
• ec63119 integrity state migration to pref storage
• 08496d2 remove automatic state saving upon null validation

📊 Changes

8 files changed (+64 additions, -20 deletions)

View changed files

📝 src/App/Resources/AppResources.Designer.cs (+6 -0)
📝 src/App/Resources/AppResources.resx (+4 -1)
📝 src/App/Services/MobileStorageService.cs (+3 -0)
📝 src/Core/Constants.cs (+3 -0)
📝 src/iOS.Autofill/LockPasswordViewController.cs (+1 -1)
📝 src/iOS.Core/Controllers/LockPasswordViewController.cs (+3 -3)
📝 src/iOS.Core/Services/BiometricService.cs (+43 -14)
📝 src/iOS.Extension/LockPasswordViewController.cs (+1 -1)

📄 Description

A path was discovered where a user could modify biometric credentials on an iOS device then bypass the Bitwarden integrity check by using the autofill extension.

Reason: While the extensions do properly perform the integrity check per #1110 , the check would fail to catch the change only if the extension had yet to be triggered once biometric unlock was enabled within the app (because the very first check results in a null value, then updates to the current integrity key value and returns true to indicate success - see BiometricService line 39).

Solution Part 1: By performing the check regardless of the biometric unlock setting in the app, the null integrity value for the extension is replaced with a legitimate value when autofill is first enabled (by opening the extension for user verification). By the time the scenario above plays out, a proper integrity value is in place and the extension catches the change and forces the user to enter their master password.

Solution Part 2: While testing part 1 I witnessed the behavior occasionally revert to skipping the check. As the issue with sharing the DB across processes is still a thorn in my side, I've moved the integrity values to pref storage (where I should have put them in the first place) and added migration to prevent any unnecessary panic brought on by an unplanned bio integrity mismatch. After this change, I've been unable to repro the failure.

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/bitwarden/android/pull/1162 **Author:** [@mpbw2](https://github.com/mpbw2) **Created:** 12/1/2020 **Status:** ✅ Merged **Merged:** 12/1/2020 **Merged by:** [@mpbw2](https://github.com/mpbw2) **Base:** `master` ← **Head:** `bugfix-biochange-extension` --- ### 📝 Commits (4) - [`2bdc6c7`](https://github.com/bitwarden/android/commit/2bdc6c7e11f6510d79737deff90e63ede66da81a) Fix for biometric check in extension on fresh install - [`1dd60b7`](https://github.com/bitwarden/android/commit/1dd60b75b3fd03961d3f34869ff3fdd8c414c3ee) make sure bio integrity values are written to pref storage - [`ec63119`](https://github.com/bitwarden/android/commit/ec63119674ffe39c698168542a88824b28c7d496) integrity state migration to pref storage - [`08496d2`](https://github.com/bitwarden/android/commit/08496d26e4d03a722bd89bbc6080aa363ca96984) remove automatic state saving upon null validation ### 📊 Changes **8 files changed** (+64 additions, -20 deletions) <details> <summary>View changed files</summary> 📝 `src/App/Resources/AppResources.Designer.cs` (+6 -0) 📝 `src/App/Resources/AppResources.resx` (+4 -1) 📝 `src/App/Services/MobileStorageService.cs` (+3 -0) 📝 `src/Core/Constants.cs` (+3 -0) 📝 `src/iOS.Autofill/LockPasswordViewController.cs` (+1 -1) 📝 `src/iOS.Core/Controllers/LockPasswordViewController.cs` (+3 -3) 📝 `src/iOS.Core/Services/BiometricService.cs` (+43 -14) 📝 `src/iOS.Extension/LockPasswordViewController.cs` (+1 -1) </details> ### 📄 Description A path was discovered where a user could modify biometric credentials on an iOS device then bypass the Bitwarden integrity check by using the autofill extension. Reason: While the extensions do properly perform the integrity check per #1110 , the check would fail to catch the change **only if the extension had yet to be triggered once biometric unlock was enabled within the app** (because the very first check results in a null value, then updates to the current integrity key value and returns true to indicate success - see [BiometricService line 39](https://github.com/bitwarden/mobile/blob/e27370cf32ece73ba44d7eadd6aebf519d82fdce/src/iOS.Core/Services/BiometricService.cs#L39)). _Solution Part 1_: By performing the check regardless of the biometric unlock setting in the app, the null integrity value for the extension is replaced with a legitimate value when autofill is first enabled (by opening the extension for user verification). By the time the scenario above plays out, a proper integrity value is in place and the extension catches the change and forces the user to enter their master password. _Solution Part 2_: While testing part 1 I witnessed the behavior occasionally revert to skipping the check. As the issue with sharing the DB across processes is still a thorn in my side, I've moved the integrity values to pref storage (where I should have put them in the first place) and added migration to prevent any unnecessary panic brought on by an unplanned bio integrity mismatch. After this change, I've been unable to repro the failure. --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

GiteaMirror added the pull-request label 2025-11-26 23:23:56 -06:00

GiteaMirror closed this issue 2025-11-26 23:23:56 -06:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

sdlc/sdk-update

fix/PM-33394-throwable-extensions

fix/PM-33394-sync-unlock-error

PM-24380/flight-recorder-redact-hostname

release/2026.3-rc48

claude/android-implementer-agent

PM-26577-app-links-support

PM-26896-autofill-fix

renovate/lock-file-maintenance

release/2026.2-rc47

PM-32714/fallback-to-web-vault-host

pr-6572

PM-28834/setting-app-layout-horizonos

vvolkgang/process-release-notes-v2

release/2026.2-rc46

release/2026.1-rc45

PM-30644/added-logs-for-debug

PM-30644/quicktile-nav-not-showing-migration

minor-gradle-updates

release/2026.1-rc42

release/2026.1-rc44

release/2026.1-rc43

PM-28834/set-landscape-on-horizonos-devices

context-rules

devclarity/update-code-review-command

PM-20026/force-ltr-passwords-and-codes

release/2025.12-rc41

cmcg/testCoverage

claude-skill/creating-feature-flags

PM-29014/talkback-support-for-passwords

release/2025.12-rc40

BRE-1305/publish_test

accept-user-certs

autofill-permissions

release/2025.11-rc39

PM-22479/check-all-certificates-validate-asset-links

release/2025.10-rc38

agalles/android-latest

optimize-test-workflows

tier2-test-sharding

retro-agent

PM-27001/skip-account-selection-only-one-exists-cxp

release/2025.10-rc37

agalles/test-1118

release/2025.10-rc36

PM-20593-token-refresh

QA-1126b/adding-native-sanity-test

release/2025.9-rc35

pm-25933/sdk-update-password

release/2025.9-rc34

release/2025.8-rc33

agalles/20250821-release

debug-release-issues

pm-24249-allow-automated-prs-for-sdk-updates

release/2025.8-rc32

release/WORKFLOW-TEST-2025.8-rc28

agalles/20250807release

release/2025.07-rc25

release/hotfix-v2025.7.0-bwa

pm-23311/export-vault-policy-bypass

release/2025.07-rc24

authenticator-pm-sync-flags-issue

ps/implement-sdk-repository-example

release/hotfix-v2025.6.0-bwpm

release/2025.06-rc21

agalles/automate-android-fastlane-patch

release/2025.05-rc20

release/2025.04-rc19

languages/basque

release/2025.03-rc19

update-readme

qrcode/feature

innovation/archive/pm-19153-archive-items

qrcode/2-ui-fields

qrcode/1-page

hold-on-biometric-prompt-alternative

release-notes-process

release/2025.02-rc16

bwa-monorepo

PM-8223/new-device-verification-ux-improvements

pm-18451/exempt-from-policies

test-bwa

cs-workaround-linked-0-copy

release/2025.01-rc15

release/2025.01-rc14

release/2024.12-rc13

pm-16670/sync-leave-notice

821

PM-16695/backport-lean-more-new-device-verification

km/15084-testing

release/hotfix-v2024.11.7

release/2024.11-rc1

pm-11304/collection-add-item-button

PM-14241/disabling-logs-app-crash

poc/offline-editing

new-version-calc

pm-11649/expired-link-services

pm-6702/add-feature-flag

pm-6702/email-verification-feature

pm-9933/marketing-copy-update

pm-6702/registration-flows

update-templates

pm-6701/email-verification-selfhost-registration

v2026.2.1-bwpm

v2026.2.1-bwa

v2026.2.0-bwpm

v2026.2.0-bwa

v2026.1.1-bwa

v2026.1.1-bwpm

temp-test

v2026.1.0-bwpm

v2026.1.0-bwa

v2025.12.1-bwa

v2025.12.1-bwpm

v2025.12.0-bwa

v2025.12.0-bwpm

v2025.11.1-bwpm

v2025.11.1-bwa

v2025.11.0-bwpm

v2025.11.0-bwa

v2025.10.1-bwa

v2025.10.1-bwpm

v2025.10.0-bwa

v2025.10.0-bwpm

v2025.9.1-bwa

v2025.9.1-bwpm

v2025.9.0-bwa

v2025.9.0-bwpm

v2025.8.1-bwa

v2025.8.1-bwpm

v2025.8.0-bwa

v2025.8.0-bwpm

v2025.7.2-bwa

v2025.7.2-bwpm

v2025.7.1-bwa

v2025.7.1-bwpm

v2025.7.0-bwa

v2025.7.0-bwpm

v2025.6.1-bwpm

v2025.6.0-bwa

v2025.6.0-bwpm

v2025.1.0-bwa

v2025.5.0-bwa

v2025.5.0-bwpm

v2025.5.999

2025.4.0

v2025.4.0

untagged-4731eaadac73f3dfbbb8

v2025.3.0

v2025.2.0

untagged-815a165c5d70ffe75bc7

v2025.1.2

v2025.1.1

v2025.1.0

v2024.12.0

untagged-5a76b6392a4c8998c63a

v2024.11.7

v2024.11.6

v2024.11.5

v2024.11.4

v2024.11.3

v2024.11.2

v2024.11.1

v2024.11.0

v2024.10.2

v2024.10.1

v2024.10.0

v2024.9.0

v2024.8.1

v2024.8.0

v2024.7.3

v2024.7.2

v2024.7.1

v2024.7.0

v2024.6.1

v2024.6.0

v2024.5.1

v2024.4.1

v2024.4.2

v2024.4.0

v2024.3.3

v2024.3.1

v2024.3.0

v2024.2.1

v2024.2.0

v2024.1.1

v2024.1.0

v2023.12.0

v2023.10.0

v2023.9.2

maui-single-project-android

v2023.9.1

v2023.9.0

v2023.8.0

v2023.7.0

v2023.5.0

v2023.4.0

v2023.3.2

v2023.3.1

v2023.3.0

v2023.2.0

v2023.1.0

v2022.11.0

v2022.10.0

v2022.9.1

v2022.9.0

v2022.8.0

v2022.6.2

v2022.6.1

v2022.6.0

v2022.05.0

v2.18.0

v2.17.0

v2.16.4

v2.16.3

v2.16.2

v2.16.1

v2.15.0

v2.14.2

v2.14.1

v2.14.0

v2.13.0

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.0

v2.9.1

v2.9.0

v2.8.2

v2.8.1

v2.8.0

v2.7.2

v2.7.0

v2.6.1

v2.6.0

v2.5.6

v.2.5.5

v2.5.5

v2.5.4

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.4.3

v2.4.2

v2.4.1

v2.4.0

v2.3.1

v2.3.0

v2.2.8

v2.2.7

v2.2.6

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.0

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v1.22.1

v1.22.0

v1.21.0

v1.20.0

v1.19.0

v1.18.1

v1.18.0

v1.17.0

v1.16.0

v1.15.2

v1.15.1

v1.15.0

v1.14.4

v1.14.1

v1.14.0

v1.13.0

v1.12.2

v1.12.1

v1.12.0

v1.11.1

v1.11.0

v1.10.0

v1.9.0

v1.8.1

v1.8.0

v1.7.0

v1.6.5

v1.6.1

v1.6.0

v1.5.1

v1.5.0

v1.4.4

v1.4.3

v1.4.0

v1.3.0

v1.2.1

v1.2.0

v1.1.0

v1.0.0

v0.0.6

v0.0.5

v0.0.4

v0.0.3

v0.0.2

v0.0.1

Labels

Clear labels

app:authenticator

app:password-manager

bug

bug-passkey

customer-support

duplicate

enhancement

good first issue

help wanted

needs-reply

needs-response

pull-request

Mirrored from GitHub Pull Request

question

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/android#2775