-
Notifications
You must be signed in to change notification settings - Fork 426
Fix for PIN lock bypass when app is killed or repeatedly paused #157
Conversation
7050f77
to
9237f5b
Compare
Do you mind resolving the conflict? |
Ah, no problem. just saw that. Will do that today. |
OK, rebased. |
On my device, this commit broke the |
Hey, sorry to hear that. I will need some small quick info. What timeout do you use in your application? |
I am setting timeout to 1 sec. |
That may have to do with how you are transiting from activity to activity. Can you you try a larger timeout as a test in one of your local branches? |
Yuh, I will try and let you know. |
I will try to reproduce too and see if I can pull a viable fix that does not compromise the security layer, which is the most important aspect of the library and the reason for this PR. |
Thanks. Please let me know if you are also able to reproduce this issue. |
Hi, I tried setting lock timeout to 1min, and I did not get lock prompt in-between activities. But, I noticed another issue, that after the timeout duration is passed, lock does not prompt up. Sometimes it does come up and most often it does not. |
Let me understand the process because we haven't experienced this. You set the app to lock in 1 minute for example and enable the only in background option right? |
Yes. And my steps to reproduce are:
|
That's weird indeed we never experienced it from any of our users and its in the current state for several months now. |
Several issues reported that the PIN lock can be bypassed, which was related to the
onlyBackgroundTimeout
setting. The root cause was the logic deciding when the user was last active. This PR fixes these issues.The issues could be reproduced in the demo app when setting
onlyBackgroundTimeOut
to true:Or (not 100% reproducible on all devices)
This PR keeps the previous functionality and additionally enhances the behavior when onlyBackground is set to true.
Issues addressed:
#130
#153
#131
#99