This repository has been archived by the owner on Apr 15, 2020. It is now read-only.

Fix for PIN lock bypass when app is killed or repeatedly paused #157

Merged: 1 commit, Oct 31, 2017

@alexkeramidas alexkeramidas commented Oct 10, 2017

Several issues reported that the PIN lock can be bypassed, which was related to the onlyBackgroundTimeout setting. The root cause was the logic deciding when the user was last active. This PR fixes these issues.

The issues could be reproduced in the demo app when setting onlyBackgroundTimeOut to true:

  • Launch the app
  • Set the expiry to N seconds (or use the default 10 seconds)
  • Kill the app
  • Wait N + 1 seconds
  • Launch the app

Or (not 100% reproducible on all devices)

  • Launch the app
  • Set the expiry to N seconds (or use the default 10 seconds)
  • Send to background via home button
  • Wait N + 1 seconds
  • Launch the app
  • Send to background via home button
  • Launch the app

This PR keeps the previous functionality and additionally enhances the behavior when onlyBackground is set to true.

Issues addressed:

#130
#153
#131
#99

@alexkeramidas changed the title from "Fix issue when on background only is true and app gets killed" to "Fix for PIN lock bypass when app is killed or repeatedly paused" on Oct 11, 2017
@daespark
Contributor

Do you mind resolving the conflict?

@alexkeramidas
Contributor Author

Ah, no problem. Just saw that. Will do that today.

@alexkeramidas
Contributor Author

OK, rebased.

@icoolguy1995

icoolguy1995 commented Oct 8, 2018

On my device, this commit broke the onlyBackgroundTimeOut. Now even if I set onlyBackgroundTimeOut to true, I get the lockscreen popup in the middle of my app when navigating between activities.

@alexkeramidas
Contributor Author

alexkeramidas commented Oct 8, 2018

Hey, sorry to hear that.
This is interesting since we also use that on our application (and we have not noticed anything like that with lock timeouts ranging from 0 to 15 minutes). Let me see if I can help you.

I will need some small quick info. What timeout do you use in your application?

@icoolguy1995

I am setting timeout to 1 sec.

@alexkeramidas
Contributor Author

That may have to do with how you are transiting from activity to activity. Can you try a larger timeout as a test in one of your local branches?

@icoolguy1995

Yuh, I will try and let you know.

@alexkeramidas
Contributor Author

I will try to reproduce too and see if I can pull a viable fix that does not compromise the security layer, which is the most important aspect of the library and the reason for this PR.

@icoolguy1995

Thanks. Please let me know if you are also able to reproduce this issue.

@icoolguy1995

Hi, I tried setting the lock timeout to 1 min, and I did not get the lock prompt in between activities. But I noticed another issue: after the timeout duration has passed, the lock does not prompt. Sometimes it does come up, and most often it does not.

@alexkeramidas
Contributor Author

Let me understand the process because we haven't experienced this.

You set the app to lock in 1 minute, for example, and enable the only-in-background option, right?

@icoolguy1995

icoolguy1995 commented Oct 11, 2018

Yes. And my steps to reproduce are:

  1. Set the timeout to 1 min, and pressed the middle button to put the app in the background. In this scenario, the lock did not prompt.

  2. Closed the app completely. This time the lock occasionally got prompted, but most often it does not.

@alexkeramidas
Contributor Author

That's weird indeed. We never experienced it from any of our users, and it's been in the current state for several months now.
