Unable to set lock pin for Android apps requiring it

chopix · 4 June 2023 11:32

REPRODUCIBILITY: 100%
OS VERSION: 4.5.0.19
HARDWARE: Xperia III
UI LANGUAGE: English
REGRESSION: It seem so according to forum posts, was working in 4.2.0.19

DESCRIPTION:

It is not possible to set a lock pin in android settings, resulting in applications requiring it refusing to start/work (e.g. banking, payment applications).
This appear to have worked in past versions of SailfishOS with Android support, and one of the “workaround” is to flash a older version and then proceed to OTA upgrade from that versus instead flashing the latest one (apparently worked in 4.2.0.19 some users have reported).

PRECONDITIONS:

Flashing the latest version versus having upgraded from 4.2.0.19

STEPS TO REPRODUCE:

Either install an android app requiring the lock pin to be set or try to set the lock pin in android settings (the lock pin won’t be set)

EXPECTED RESULT:

Be able to set the lock pin (in Android).

ACTUAL RESULT:

Not being able to set the lock pin (in Android).

MODIFICATIONS:

None.

ADDITIONAL INFORMATION:

Thread with people discussing the issue: Android app requiring lock pin

jwalden · 7 June 2023 07:57

Thanks for the bug report. Created an internal bug report about this, however we already had a task about this.

jollajo · 20 September 2023 13:59

@jwalden are there any news on this issue?

My bank changed their app which requires a lock. When they stop the previous app I won’t be able to access my account any more, since they require mobile authentication.

jwalden · 13 December 2023 12:37

Unfortunately can’t give any estimates on this, so sorry, no news.

jlangenbach · 17 December 2023 21:21

I would like to suggest another expected outcome:

A set lock pin in Sailfish should make the android system tell it’s aops, that there is a lock screen out of the box.

So there should no need to set an extra pin in android itself.

But an earlier implementation should be more prioritized than a “better one”.

Valorsoguerriero97 · 18 December 2023 23:40

To expect a proper fingerprint support in AppSupport would be good too

meegouser · 22 January 2024 14:27

How is it looking, can we expect at least a preliminary hotfix (as illustrated by @jlangenbach above) in the next release? In my case, not being able to use my brokerage app because of the missing Android App Support-level PIN support is a huge annoyance, solving this issue would be a huge relief for me (and many others, of course, as well).

Blumenkraft · 22 January 2024 18:15

I bet this doesn’t really help, but i never had any problems with Android apps using PIN. Seven out of seven apps working as they should.

meegouser · 23 January 2024 04:33

You probably mean apps that are secured with a “baked in” app-exclusive PIN, we are talking about apps that check if the whole (Android) system is being secured with a set display lock PIN/pattern/biometric signature, Sailfish’s Android App Support does not support this (yet, resp. anymore).

Blumenkraft · 23 January 2024 05:50

Ok.

So eg. your banking app doesn’t have PIN verification “baked in” (as you said it)?

meegouser · 23 January 2024 12:50

Yes, it relies on the OS, instead of doing the PIN request (e.g. during logins) itself. In my case, it says “without a set up device PIN you can’t use this app”, and won’t allow any further actions until it is activated.

shults · 23 January 2024 18:28

The interesting fact is that on older versions it was OK. So somebody missed something with the update and does not fix it for two years.

attah · 23 January 2024 19:10

Are you really sure the app you are having problems with now is still the same version that used to work?

fridlmue · 26 July 2024 17:04

This Bug is still an Issue in SFOS 4.6.0.13.
This would be very cool to get fixed in the next release. Shouldn’t be that difficult to make AppSupport think it is screen looked…

smatkovi · 26 July 2024 20:18

I saw it also in android forums. So the bug is in the underlying Android (lineage or aosp i don’t know?

meegouser · 28 September 2024 15:44

It’s not a “bug” per se, more like an “adaptation with unintended consequences”. Sailfish’s AppSupport neutered the ability of the Android layer to have its own lock PIN, since Sailfish already has that ability on its own. However, Android apps can obviously only see the Android settings, so for them, the lock PIN is deactivated, which becomes a problem once apps mandate an activated lock PIN (as the German broker “Smartbroker+” does, in my case).

Unfortunately, this issue hasn’t been tackled with the latest update to 4.6.0.15 either. @jovirkku I know the issue is “tracked,” but is it actually on someone’s agenda?

JoshStrobl · 26 October 2024 15:32

Not tackled in Sailfish OS 5 either :\

meegouser · 22 November 2024 12:49

The missing ability to set a lock PIN inside the Android layer also thwarts any possibility to have 2FA “passkey” support (WebAuthn - Wikipedia) for Android apps (e.g. Firefox, which supports passkeys on Android 14 and upwards) in the future - as brought up here in April: Android Support Passkey configuration and lock screen.

attah · 24 November 2024 10:03

Passkeys are funamentally flawed. All it does on top of a half-decent password manager is that the client software promises a few things. There are no enforcement mechanisms at all. I.e. Only one factor is actually authenticated. From a security or even general developer perspective, that’s completely insane to advertise as a feature, let alone call 2FA.

So this only furthers the argument that there is a strong correlation between silly apps and enforcing lockscreen password.

meegouser · 25 November 2024 06:41

I’m not a fan of passkeys either, unfortunately some organizations are enforcing their usage (as my university, since today) without alternative.