[PR #4448] [MERGED] PM-15356: Resolve biometrics bypass #4954

Closed
opened 2025-11-26 23:51:59 -06:00 by GiteaMirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/bitwarden/android/pull/4448
Author: @david-livefront
Created: 12/10/2024
Status: Merged
Merged: 1/9/2025
Merged by: @david-livefront

Base: main ← Head: PM-15356-biometrics-bypass


📝 Commits (1)

  • b7d256e (https://github.com/bitwarden/android/commit/b7d256ecb87d81f61f029e5b0b80ab39c13ec0b8) PM-15356: Resolve biometrics bypass

📊 Changes

28 files changed (+397 additions, -251 deletions)

📝 app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/AuthDiskSource.kt (+10 -0)
📝 app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/AuthDiskSourceImpl.kt (+13 -0)
📝 app/src/main/java/com/x8bit/bitwarden/data/platform/manager/BiometricsEncryptionManager.kt (+0 -6)
📝 app/src/main/java/com/x8bit/bitwarden/data/platform/manager/BiometricsEncryptionManagerImpl.kt (+41 -63)
📝 app/src/main/java/com/x8bit/bitwarden/data/platform/manager/di/PlatformManagerModule.kt (+2 -0)
📝 app/src/main/java/com/x8bit/bitwarden/data/platform/repository/SettingsRepository.kt (+2 -1)
📝 app/src/main/java/com/x8bit/bitwarden/data/platform/repository/SettingsRepositoryImpl.kt (+11 -6)
📝 app/src/main/java/com/x8bit/bitwarden/data/platform/repository/di/PlatformRepositoryModule.kt (+0 -3)
📝 app/src/main/java/com/x8bit/bitwarden/data/vault/repository/VaultRepository.kt (+2 -1)
📝 app/src/main/java/com/x8bit/bitwarden/data/vault/repository/VaultRepositoryImpl.kt (+25 -7)
📝 app/src/main/java/com/x8bit/bitwarden/ui/auth/feature/accountsetup/SetupUnlockScreen.kt (+1 -1)
📝 app/src/main/java/com/x8bit/bitwarden/ui/auth/feature/accountsetup/SetupUnlockViewModel.kt (+30 -21)
📝 app/src/main/java/com/x8bit/bitwarden/ui/auth/feature/accountsetup/handlers/SetupUnlockHandler.kt (+4 -5)
📝 app/src/main/java/com/x8bit/bitwarden/ui/auth/feature/vaultunlock/VaultUnlockScreen.kt (+1 -1)
📝 app/src/main/java/com/x8bit/bitwarden/ui/auth/feature/vaultunlock/VaultUnlockViewModel.kt (+2 -9)
📝 app/src/main/java/com/x8bit/bitwarden/ui/platform/feature/settings/accountsecurity/AccountSecurityScreen.kt (+5 -8)
📝 app/src/main/java/com/x8bit/bitwarden/ui/platform/feature/settings/accountsecurity/AccountSecurityViewModel.kt (+31 -22)
📝 app/src/main/java/com/x8bit/bitwarden/ui/platform/manager/biometrics/BiometricsManager.kt (+1 -1)
📝 app/src/main/java/com/x8bit/bitwarden/ui/platform/manager/biometrics/BiometricsManagerImpl.kt (+2 -2)
📝 app/src/test/java/com/x8bit/bitwarden/data/auth/datasource/disk/AuthDiskSourceTest.kt (+29 -0)

...and 8 more files

📄 Description

🎟️ Tracking

PM-15356 (https://bitwarden.atlassian.net/browse/PM-15356)

📔 Objective

This PR adds an extra layer of security to the biometrics prompt by signing the user key before storing it, meaning that only a real cipher from the Biometric Prompt can decrypt the data and unlock the vault.

Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed
    issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

GiteaMirror added the pull-request label 2025-11-26 23:51:59 -06:00
Reference: github-starred/android#4954