On Android, skip the "Confirm" button when using the Biometrics prompt (e.g.: for devices with face unlock)

[victor-marino]

Code Contribution Proposal

The BitWarden Android client is using Android's Biometrics authentication library, which enables support for any kind of biometrics supported by the device.

For most devices, this is going to be a fingerprint reader. However, some devices (such as the newer Pixels) support secure face unlock too.

Unfortunately, by default the Biometrics API treats any authentication as if it were a high-risk operation (such as a purchase), and requires the user to press a "Confirm" button after a successful face authentication:

However, as pointed out in the docs, this option should be disabled for low-risk actions such as logging into apps, as it breaks the flow and defeats the point of using face authentication in the first place:

Authenticate without explicit user action

By default, the system requires users to perform a specific action, such as pressing a button, after their biometric credentials are accepted. This configuration is preferable if your app is showing the dialog to confirm a sensitive or high-risk action, such as making a purchase.

If your app shows a biometric authentication dialog for a lower-risk action, however, you can provide a hint to the system that the user doesn't need to confirm authentication. This hint can allow the user to view content in your app more quickly after re-authenticating using a passive modality, such as face- or iris-based recognition. To provide this hint, pass false into the setConfirmationRequired() method.

The result is then a seamless, iPhone-like authentication flow where the user is just taken to the app without any manual action:

This is how apps like Revolut handle it, for instance.

I think all that needs to be done is to just add .setConfirmationRequired(false) to these two instances of the authentication prompt:

cipher
    ?.let {
        promptInfoBuilder
            .setDescription(activity.getString(R.string.biometrics_direction))
            .setAllowedAuthenticators(Authenticators.BIOMETRIC_STRONG)
            .setNegativeButtonText(activity.getString(R.string.cancel))
        biometricPrompt.authenticate(
            promptInfoBuilder.build(),
            BiometricPrompt.CryptoObject(it),
        )
    }
    ?: run {
        promptInfoBuilder
            .setDescription(activity.getString(R.string.user_verification_direction))
            .setAllowedAuthenticators(
                Authenticators.BIOMETRIC_STRONG or Authenticators.DEVICE_CREDENTIAL,
            )
        biometricPrompt.authenticate(promptInfoBuilder.build())
    }

If you agree with the proposal, would it even make sense for me to raise a pull request for such a small change? Or should I just create an issue for you to add it?