Merge pull request #4283 from owncloud/technical/improve_biometrical_auth_security

[TECHNICAL] Improve biometrical authentication security

Author: JuancaG05

CHANGELOG.md

@@ -27,6 +27,7 @@ ownCloud admins and users.
 
 ## Summary
 
+* Security - Improve biometric authentication security: [#4180](https://github.com/owncloud/android/issues/4180)
 * Bugfix - Some Null Pointer Exceptions in MainFileListViewModel: [#4065](https://github.com/owncloud/android/issues/4065)
 * Bugfix - Some Null Pointer Exceptions fixed from Google Play: [#4207](https://github.com/owncloud/android/issues/4207)
 * Bugfix - Add "scope" parameter to /token endpoint HTTP requests: [#4260](https://github.com/owncloud/android/pull/4260)
@@ -51,6 +52,14 @@ ownCloud admins and users.
 
 ## Details
 
+* Security - Improve biometric authentication security: [#4180](https://github.com/owncloud/android/issues/4180)
+
+   Biometric authentication has been improved by checking the result received when
+   performing a successful authentication.
+
+   https://github.com/owncloud/android/issues/4180
+   https://github.com/owncloud/android/pull/4283
+
 * Bugfix - Some Null Pointer Exceptions in MainFileListViewModel: [#4065](https://github.com/owncloud/android/issues/4065)
 
    The MainFileListViewModel has prevented the fileById variable from crashing when

changelog/unreleased/4283

@@ -0,0 +1,7 @@
+Security: Improve biometric authentication security
+
+Biometric authentication has been improved by checking the result received when performing a successful
+authentication.
+
+https://github.com/owncloud/android/issues/4180
+https://github.com/owncloud/android/pull/4283

owncloudApp/src/main/java/com/owncloud/android/presentation/security/biometric/BiometricActivity.kt

@@ -87,16 +87,20 @@ class BiometricActivity : AppCompatActivity() {
 
                 override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
                     super.onAuthenticationSucceeded(result)
-                    if (biometricViewModel.shouldAskForNewPassCode()) {
-                        biometricViewModel.removePassCode()
-                        val intent = Intent(baseContext, PassCodeActivity::class.java)
-                        intent.action = PassCodeActivity.ACTION_CREATE
-                        intent.putExtra(PassCodeActivity.EXTRAS_MIGRATION, true)
-                        startActivity(intent)
+                    if (result.cryptoObject?.cipher != cryptoObject.cipher) {
+                        authError()
+                    } else {
+                        if (biometricViewModel.shouldAskForNewPassCode()) {
+                            biometricViewModel.removePassCode()
+                            val intent = Intent(baseContext, PassCodeActivity::class.java)
+                            intent.action = PassCodeActivity.ACTION_CREATE
+                            intent.putExtra(PassCodeActivity.EXTRAS_MIGRATION, true)
+                            startActivity(intent)
+                        }
+                        biometricViewModel.setLastUnlockTimestamp()
+                        OwnCloudBiometricManager.onActivityStopped(this@BiometricActivity)
+                        finish()
                     }
-                    biometricViewModel.setLastUnlockTimestamp()
-                    OwnCloudBiometricManager.onActivityStopped(this@BiometricActivity)
-                    finish()
                 }
 
                 override fun onAuthenticationFailed() {