-
-
Notifications
You must be signed in to change notification settings - Fork 86
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fingerprint unlock can be bypassed #110
Comments
Thank you for the report. Could you provide the debug log please? In the Settings > Help menu, you have the option to share the debug log. The log is redacted from personal information so the link can be posted here. Alternatively you can send it to support@molly.im |
@Etim-Orb I can't reproduce this, on my device it seems the issue might be device dependent, do you mind adding a debug log, since you have an affected device ? |
I have sent an email to the address provided. |
This bug is caused by a logic error in the the biometric support library (Google) or in the biometric vendor implementation (Samsung). In short, if the device has 2 authenticators and the user has enrolled only in one of them (face or fingerprint), when the enrolled one is temporary unavailable (e.g. after 5 failed attemps), the system tells the app that none of them is enrolled. By design, Molly disables the lock if the user unenroll from biometrics. As a workaround, I have disabled "weak" authenticators in Molly to opt-out from Samsung's face recognition. This fix is available in 5.39.3-1. |
Is there an existing issue for this?
Bug description
The screen lock option can be bypassed on Samsung device if it gets 5 wrong fingerprint matches. If I try to unlock the app with a different finger 5 times, after getting a timeout I reopen the app, I get access to all the messages and the screen lock settings is turned off.
Steps to reproduce
Molly version
v5.37.4-1-FOSS
Android version
Android 12 (OneUI 4.1)
Device
Galaxy A52s 5G
Link to debug log
No response
The text was updated successfully, but these errors were encountered: