Signal-android: Feature request: use IRIS scanner to lock and unlock Signal app and backups

I don't think it's feasible to encrypt backups with biometrics. They wouldn't survive a factory reset or work on a different device.

True but in that case, you could use the original passphrase you created. Another option would be to 1.) Reinstall Signal. 2.)Re-establish biometric data from IRIS (or other alternative if another is ever implemented such as fingerprints) 3.) Start import signal backup 4.) Recieve authentication request normally requesting passphrase, it asks for your biometric data instead 5.) Signal checks the biometric data stored for backup and validates against biometric data set up in the Signal app (you already re-did the steps to use biometrics). 6.) Restore process occurs (assuming the validation was successful) 7.) User validates all data is available and is readable

Biometric data should not be accessible from userland, not even accessible by the kernel. It is supposed to be stored in the TEE, thus it is not accessible by any app. Signal cannot retrieve it to compare it. And if you do a factory reset, it's gone forever.

Please see https://support.google.com/nexus/answer/6300638

The TEE is within the kernel and is covered by an SELinux policy. Someone clever enough could hack that and gain access. I'm sure somebody has done it but does anyone here have knowledge to get at it? That I don't know.

@moxie0 Are you sure this is the issue you intended to mark as "fixed"above ...?

GitHub Issue Cleanup:
See #7598 for more information.