Signal-android: Fingerprint unlock

Created on 11 Jan 2017  ·  18 Comments  ·  Source: signalapp/Signal-Android

Please add fingerprint support for unlocking the app as an alternative to passphrase

feature

All 18 comments

The purpose of the passphrase is disk encryption, which we have to maintain until Android's built in FDE is acceptable. It's not really possible to do disk encryption with a fingerprint, afaik. Please reopen if there's some modern keychain thing I don't know about which would enable that, though.

Wouldn't the fingerprint be able to keep the passphrase encrypted and decrypt it in order to use it?

Marshmallow supposedly has some API for this:
https://developer.android.com/about/versions/marshmallow/android-6.0.html#fingerprint-authentication

This release offers new APIs to let you authenticate users by using their fingerprint scans on supported devices. Use these APIs in conjunction with the Android Keystore system.

I've seen it being used at least in one app, Keepass2Android where you can unlock your password database with the fingerprint scanner (i.e. without explicitly entering the database passphrase).
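The approach raised in the comments above (a fingerprint-gated Android Keystore key that wraps the passphrase) could look like the following. This is an added example, not part of the thread and not Signal's code; the class name and key alias are hypothetical.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.KeyProperties;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/** Added illustration, not Signal code. Class name and key alias are hypothetical. */
public final class FingerprintWrappedPassphrase {
  private static final String STORE = "AndroidKeyStore";
  private static final String ALIAS = "example_passphrase_wrap_key"; // hypothetical alias
  private static final String AES_GCM = "AES/GCM/NoPadding";

  /** Creates a Keystore-held AES key that can only be used after a fingerprint match. */
  public static void createKey() throws GeneralSecurityException {
    KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, STORE);
    kg.init(new KeyGenParameterSpec.Builder(ALIAS,
            KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setUserAuthenticationRequired(true) // every use needs a fresh fingerprint auth
        .build());
    kg.generateKey();
  }

  /**
   * Returns a cipher to pass to FingerprintManager.authenticate() inside a CryptoObject.
   * iv == null selects wrap mode (store cipher.getIV() beside the ciphertext);
   * a non-null iv selects unwrap mode for a previously wrapped passphrase.
   * Returns null when the key was permanently invalidated (for example after a new
   * fingerprint was enrolled): the caller must then ask for the passphrase itself
   * and call createKey() again before re-wrapping.
   */
  public static Cipher cipherFor(byte[] iv) throws GeneralSecurityException, IOException {
    KeyStore ks = KeyStore.getInstance(STORE);
    ks.load(null);
    SecretKey key = (SecretKey) ks.getKey(ALIAS, null);
    Cipher cipher = Cipher.getInstance(AES_GCM);
    try {
      if (iv == null) cipher.init(Cipher.ENCRYPT_MODE, key);
      else cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
    } catch (KeyPermanentlyInvalidatedException e) {
      ks.deleteEntry(ALIAS); // wrapped passphrase is now unrecoverable via fingerprint
      return null;
    }
    return cipher;
  }
}
```

After `onAuthenticationSucceeded`, calling `doFinal` on the cipher from the returned `CryptoObject` wraps or unwraps the passphrase bytes; the passphrase remains the only recovery path when the key is invalidated.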

Are we able to take an approach similar to how Apple does with their iPhone? We can require a pin for encryption and require it to be enabled in order to have fingerprint enabled.

However, I agree with 2-4601 that the 6.0 API is better to use.

At least in the US - law enforcement can compel you to unlock a device with your fingerprint, but cannot compel you to enter a passphrase. Is this a consideration?

@NuclearFej https://www.engadget.com/2016/12/14/florida-court-rules-police-can-demand-your-phones-passcode/ At least in Florida there is precedent for compelling someone to produce a passcode.

The government is in here promoting fingerprint. Why would a secure system provide fingerprint? It's only as secure as you can keep your fingerprint. How many things did you touch today? And I hope you did not leave a print.

On the other hand, isn't it better to have a choice rather than not to have one? We can always have some short disclaimer about security of the fingerprint unlock.

It is all about giving it as an additional choice.

Then a few settings could allow people to fine tune a few things:

  • set the app to require only the passphrase
  • set the app to always require the fingerprint with fallback to passphrase
  • set the app to require the passphrase once after each reboot then fingerprint (with fallback to passphrase) until next reboot
  • set the app to require the passphrase if the app hasn't been opened for a user defined period of time

I think this is absolutely imperative on an app like this that promotes privacy. @laurentdinclaux describes the perfect implementation. Allow locking of the app via PIN/passphrase, and then allow an option to use Fingerprint instead. If you really want you can add a huge disclaimer when someone toggles the fingerprint option, but IMO at least doing this is better than leaving the app wide open.

+1 for this feature

@yaxxie:

Please try not to bump issues: https://github.com/WhisperSystems/Signal-Android/blob/master/CONTRIBUTING.md#dont-bump-issues

If an issue is open it's open. If you want to express support for something that's already been said or documented, please use the "reactions." Thanks.

To get around the issue of compelling the fingerprint, the 1password method of wiping the data while travelling and restoring when clear to do so could be an option.

hxxps://blog.agilebits.com/2017/05/18/introducing-travel-mode-protect-your-data-when-crossing-borders/

I have no affiliation with 1password except that I am a user of it.

Using my fingerprint is far more convenient as an everyday thing when messaging friends and family, but when travelling, etc., it could be turned off.

Has there been any progress on this? Anyone working on it?

@rmorey Please read the contributing guidelines before you participate in this repository again. Specifically, if you had looked two comments above, you would have seen @NinebitX's comment:

Please try not to bump issues: https://github.com/WhisperSystems/Signal-Android/blob/master/CONTRIBUTING.md#dont-bump-issues
If an issue is open it's open. If you want to express support for something that's already been said or documented, please use the "reactions." Thanks.

Edit: thank you for acknowledging my comment :)

Excerpt from the What's New notes for Signal v4.17:

Unlock Signal's screen without lifting a finger (from the fingerprint reader on your phone that is now supported).

@jlund-signal so I just took a look at the new interface and I have a few comments. Let me know if this should go into a new thread, but here we go:

  1. Most apps tie fingerprint sign-in to a password specific for that app or account. For instance LastPass' fingerprint sign in is in place of the master password, and banking fingerprint sign-in is in place of banking logins. Venmo's fingerprint lock is in place of the PIN lock. I recommend that Signal's fingerprint lock be tied to an app PIN/passcode. It should be separate from your device password.

  2. The locking mechanism is funky. You get a persistent notification and the app only locks when you select lock or close out of the app. Instead, if one sets the timer to 0s automatic lock, then any time you lose focus from the app, you should be prompted to unlock it again. A good example is Authy or LastPass where the minute you leave the app and come back in you need to re-authenticate.
