Wanted to know if there is a way to detect a biometric change in Android without using setInvalidatedByBiometricEnrollment (https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec.Builder.html#setInvalidatedByBiometricEnrollment(boolean)). We currently use this and have noticed that on a few devices this fails with biometric not enrolled, even if the user has enrolled biometrics. It also fails with biometric not enrolled on some Samsung devices which have only face id and no fingerprint sensors. I haven't been able to find any other reliable way to detect this. Would appreciate some guidance. Thank you.
1 Answer
To check if any new biometrics have been enrolled since you created your biometric-associated key, just create a cipher with that key and try to init the cipher. If any new biometrics have been enrolled, the init call should trigger a KeyPermanentlyInvalidatedException.

Gurgen Arustamyan
And do not set a validation duration on the key. This is for keys that only have single use auth on them. – SamIAmHarris Jan 27 '23 at 19:43
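
The check described in the answer and comment above, as an added Kotlin example that is not part of the original thread. The alias `biometric_change_sentinel`, the `EnrollmentState` enum and the function names are hypothetical; the Keystore and Cipher calls are the standard Android APIs.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyPermanentlyInvalidatedException
import android.security.keystore.KeyProperties
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey

// Hypothetical alias chosen for this example.
private const val KEY_ALIAS = "biometric_change_sentinel"
private const val ANDROID_KEYSTORE = "AndroidKeyStore"

enum class EnrollmentState { UNCHANGED, CHANGED, NO_KEY }

private fun keyStore(): KeyStore =
    KeyStore.getInstance(ANDROID_KEYSTORE).apply { load(null) }

/** Create the sentinel key once, when the user opts in to biometric login. */
fun createSentinelKey() {
    val spec = KeyGenParameterSpec.Builder(
        KEY_ALIAS,
        KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    )
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        // Auth required on every use; no validity duration is set (see the comment above).
        .setUserAuthenticationRequired(true)
        .setInvalidatedByBiometricEnrollment(true)
        .build()
    KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEYSTORE).apply {
        init(spec)
        generateKey()
    }
}

/** Try to init a cipher with the sentinel key; invalidation signals an enrollment change. */
fun checkEnrollment(): EnrollmentState {
    val ks = keyStore()
    val key = ks.getKey(KEY_ALIAS, null) as? SecretKey ?: return EnrollmentState.NO_KEY
    return try {
        Cipher.getInstance("AES/GCM/NoPadding").init(Cipher.ENCRYPT_MODE, key)
        EnrollmentState.UNCHANGED
    } catch (e: KeyPermanentlyInvalidatedException) {
        ks.deleteEntry(KEY_ALIAS) // the key is unusable from here on; remove it
        EnrollmentState.CHANGED
    }
}
```

On `CHANGED`, require the account password (or another non-biometric factor) before calling `createSentinelKey()` again. The same exception is also raised when the secure lock screen is disabled or reset, so treat it as "biometric or lock-screen state changed" rather than strictly "new biometric enrolled".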