I implemented the new biometric lib using setDeviceCredentialAllowed(true), as shown in the official documentation.
In this lib there is an activity being used, "DeviceCredentialHandlerActivity". This activity has exported=true in the manifest. Why is this, and is this really needed? As many should know, exporting activities should be avoided if possible for security reasons. I have overridden the property with:
<activity
    android:name="androidx.biometric.DeviceCredentialHandlerActivity"
    android:exported="false"
    tools:replace="android:exported">
</activity>
and authentication with fingerprint/password is still working on Android 29 AND below.
The commit message for this change:
Export biometric DeviceCredentialHandlerActivity
Ensures that DeviceCredentialHandlerActivity is exported so that other activities can launch it through BiometricPrompt without having to explicitly add it to the corresponding app's manifest.
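To confirm that an override like the one in the question survives manifest merging, the merged manifest can be audited for components that are still reachable from other apps. The following is an added example, not code from the post or from the AndroidX project; the function names, the `com.example.*` components and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver")

# Constructed sample of a merged manifest (not taken from a real build).
SAMPLE_MERGED_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <application>
    <activity android:name="com.example.app.MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN" />
      </intent-filter>
    </activity>
    <activity android:name="androidx.biometric.DeviceCredentialHandlerActivity"
        android:exported="false" />
    <activity android:name="com.example.lib.HelperActivity" android:exported="true" />
    <service android:name="com.example.app.SyncService" android:exported="true"
        android:permission="com.example.app.SYNC" />
  </application>
</manifest>"""

def _attr(elem, name):
    return elem.get("{%s}%s" % (ANDROID_NS, name))

def exported_components(manifest_xml):
    """Return (tag, name, permission) for each component other apps can reach."""
    app = ET.fromstring(manifest_xml).find("application")
    found = []
    for elem in ([] if app is None else list(app)):
        if elem.tag not in COMPONENT_TAGS:
            continue
        flag = _attr(elem, "exported")
        if flag is None:
            # Legacy default: with no explicit attribute, an intent-filter implies exported.
            exported = elem.find("intent-filter") is not None
        else:
            exported = flag.lower() == "true"
        if exported:
            found.append((elem.tag, _attr(elem, "name"), _attr(elem, "permission")))
    return found

def is_exported(manifest_xml, component_name):
    return any(name == component_name for _, name, _ in exported_components(manifest_xml))

if __name__ == "__main__":
    for tag, name, perm in exported_components(SAMPLE_MERGED_MANIFEST):
        print(tag, name, "permission=" + str(perm))
```

Exported entries with no `android:permission` are the ones to review first, since any installed app can start them.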