Fix Auth Glitches Android

[n13]

user is on welcome screen - no auth needed

May fix the android flicker for new users

AI analysis:

Good news — all three videos confirm the same root cause, just manifesting differently across devices. Here's the updated analysis:

---

Video 2 (11.41.23): The system biometric dialog stays stable on screen, but the app's own UI behind it flickers. The AuthWrapper lock screen appears and disappears behind the dimmed overlay. This is the isAuthenticated state bouncing — checkAuthentication() keeps setting isAuthenticated: true (its else branch) while the pending authenticate() call then sets it back to false when it resolves with a failure.

Video 3 (11.41.27): Shows the Welcome screen ("Create Wallet" / "Import Wallet") with a "Welcome back" bottom sheet (fingerprint + "Use PIN") looping at ~1Hz. That bottom sheet is the OEM-styled Android biometric prompt (Samsung/Xiaomi/etc. customize its appearance as a bottom sheet). Same loop: prompt appears → inactive → recordBackgroundTime() starts async → resumed fires before it completes → checkAuthentication() reads stale lastPausedTime → triggers authenticate() again → new prompt → repeat.

All three fit the same theory. The fix I already applied should handle all cases:

    } else {
      // Handle background states (inactive, paused, hidden, detached)
      // Skip if the biometric dialog caused this lifecycle change — on some
      // Android devices the prompt triggers inactive→resumed oscillation.
      if (!_isBackgrounded && !ref.read(localAuthProvider).isAuthenticating) {
        print('AppLifecycleState.$state - pausing (update pause time only)');
        _isBackgrounded = true;

        pollingManager.pausePolling();
        localAuthNotifier.recordBackgroundTime();
      } else {
        print('AppLifecycleState.$state - already backgrounded, skipping actions');
      }
    }

Why this single fix covers all three scenarios:

When isAuthenticating is true (biometric dialog is showing), the else branch is completely skipped. This means:

• _isBackgrounded stays false
• recordBackgroundTime() is never called (no stale lastPausedTime race)
• When the device oscillates back to resumed, the if (_isBackgrounded) guard on line 88 blocks checkAuthentication() from running

The biometric flow then proceeds normally: authenticate() awaits the system prompt, user scans their finger (or cancels), and the result is handled without interference. No more lifecycle-triggered re-entry into the auth flow.