mobile-passbolt-android icon indicating copy to clipboard operation
mobile-passbolt-android copied to clipboard
verified publisher icon passbolt

Biometric authentication broke with Google Pixel march 2025 update

Open JuhnuFin opened this issue 1 year ago • 5 comments

I had a working Passbolt app on my Pixel 9 Pro Fold, running Android 15. After updating the pixel march 2025 update on the phone, fingerprint authentication broke in Passbolt. Authenticating with password + mfa works ok. Fingerprint authentication in other apps (that support it) still works correctly. So only Passbolt fpr broke...

Log (attached) shows Exception getting biometric cipher and few IllegalArgumentExceptions after that.

logs_24hrs.txt

Tested: cleaned cache and memory of Passbolt app, also reinstalled Passbolt app. Same result. Device: Google Pixel 9 Pro Fold Android 15 (35) Passbolt 1.23.0-34

JuhnuFin avatar Mar 11 '25 10:03 JuhnuFin

Hello @JuhnuFin,

Thanks for writing and attaching the log file. First, I tried to reproduce the issue (also on the Pixel 9 (but not Fold) with security update from March 5th), and it is working fine for me. Then I took a look into the logs - the logs say that the encrypted shared preferences file that should exist and contain the biometric key initialization vector cannot be read or returns empty data. This file is created the same way as other app encrypted preferences, which are working well (since you wrote that you can use the app by entering a password).

  • Can you tell if you are using QR codes to setup the app or some other method?
  • Can you also tell if you are using the Pixel's new "private space" feature for passbolt?
  • After reinstalling the app from scratch and going through setup again, on the enable fingerprint screen - does the fingerprint prompt work fine and then break later during sign in?

marc1nm avatar Mar 11 '25 10:03 marc1nm

Hello @mm-mq,

Apologies, I left out one key information from the post. I run Passbolt from Work profile. My phone is set up as COPE, so I have personal and work profiles. Private space feature is not used.

I use QR code enrolling.

After installing Passbolt, I go through the authentication until it asks to "Use fingerprint". When I click that, Android asks to scan finger. After scanning my finger, Passbolt crashes immediately. And that produces the exceptions.

When I restart Passbolt app, and click the fingerprint icon, I get "Something went wrong!" message and no Android fpr prompt is shown.

JuhnuFin avatar Mar 11 '25 12:03 JuhnuFin

I see, I guess the issue may come from that. There was a similar report some time ago on a device managed via Microsoft Intune also with the fingerprint on the work profile (although a different log message) and unfortunately the final solution was to do a factory reset of the device. What can be done before:

  • rebooting device
  • disabling and enabling biometry on the device (via system settings)
  • disabling and enabling device lock screen
  • disabling and enabling ""Verify it’s you" (Settings -> Security & Privacy -> Device unlock -> Face/fingeprint ulock -> Verify it's you switch)
  • checking with other people from the company - if their Android devices that also use work profile have that issue (to confirm if it's a device-specific issue)
  • confirming if there was any change in the administration settings of the work profile
  • verifying if using passbolt installed on the private profile also has this issue - (for the backend - if the corporate one cannot be used outside of work profile - you can create a cloud instance free of charge, valid for 7 days [no credit card info required] - https://www.passbolt.com/cloud/signup)

marc1nm avatar Mar 12 '25 08:03 marc1nm

Just got one more info internally about a similar case - the solution there was to go to Data protection & security -> Device unlocking -> Unlocking via facial recognition & fingerprint for work Then they had to store the fingerprint separately and then reactivate biometric unlocking in the passbolt app which fixed the issue.

marc1nm avatar Mar 12 '25 12:03 marc1nm

I tried removing fingerprint authentication from the work profile and re-enrolling and reinstalling Passbolt (tested with few different scenarios...), problem still exists. Can not do factory reset at this time, so can not confirm if that would work.

I did find one application (credit card managing app) where fpr does not work, and it has worked before. Also there has been some reports of fpr reader completely stop working after mar2025 update on some Pixel 9 devices, so it seems there was some fpr code changes in the update.

I would put this on hold until Pixel april update comes along, to see if that fixes the issue...

JuhnuFin avatar Mar 13 '25 15:03 JuhnuFin

Can confirm that this issue disappeared with Google firmware updates (not sure if it was april or may update...). So closing this as fixed by phone mfgr.

JuhnuFin avatar May 19 '25 07:05 JuhnuFin