How to display a cancel button when user selects alternative screen unlock method in BiometricPrompt.promptinfo

Question

I am trying to use BiometricPrompt for app authentication. When the user launches the app, the biometric prompt is displayed, if the user wishes to use the PIN/Pattern/Password, they can do so by selecting the option to go to the pin prompt (as per the .setAllowedAuthenticators(BIOMETRIC_STRONG or DEVICE_CREDENTIAL) ). When the user is on the PIN/Pattern/Password screen, there is no option to go back to the previous activity or even the recents and homescreen. The navigation buttons and gestures are also hidden. How can I display a cancel button so that the user can navigate back or go to the home screen?

Answer 1

In the case of using BiometricPrompt for app authentication, the behavior you described, where the navigation buttons and gestures are hidden, is expected and intended for security reasons. It is designed to prevent users from easily navigating away from the authentication process, ensuring the security of the app.

By design, there is no built-in option to display a cancel button or allow the user to navigate back or go to the home screen during the biometric or device credential authentication flow. This limitation helps maintain the integrity and security of the authentication process.

If you want to provide the user with an option to cancel or navigate away from the authentication flow, you'll need to implement your own custom UI for authentication instead of using BiometricPrompt. This custom UI could include a cancel button or other navigation options.

However, it's important to consider the security implications of allowing users to easily navigate away from the authentication process. Providing such an option may compromise the security of your app, as it could allow unauthorized access or make it easier for attackers to bypass the authentication mechanism.

Ultimately, it's recommended to follow the standard behavior provided by BiometricPrompt and prioritize the security of your app's authentication process.

update

Track the number of authentication attempts: Create a variable to keep track of the number of authentication attempts. You can store this value in a shared preference or any other suitable storage mechanism.

Increment the attempts counter: Whenever an authentication attempt fails, increment the attempts counter. You can do this in the error callback of the BiometricPrompt.

Check the attempts threshold: After each authentication attempt, compare the attempts counter to your desired threshold value. If the counter exceeds the threshold, you can proceed with closing the app.

Closing the app: To close the app programmatically, you can call the finish() method on your activity or use the finishAffinity() method to close all activities associated with your app.

Here's an example implementation in Kotlin:

// Step 1: Track the number of authentication attempts
var authenticationAttempts = 0

// Step 2: Increment the attempts counter
fun incrementAttempts() {
    authenticationAttempts++
}

// Step 3: Check the attempts threshold
fun checkAttemptsThreshold() {
    val maxAttempts = 3 // Set your desired threshold here

    if (authenticationAttempts >= maxAttempts) {
        closeApp()
    }
}

// Step 4: Closing the app
fun closeApp() {
    // Call finish() to close the current activity
    finish()

    // If needed, call finishAffinity() to close all activities associated with your app
    // finishAffinity()
}

Remember to call the incrementAttempts() function whenever an authentication attempt fails, and then call checkAttemptsThreshold() to check if the threshold has been reached. If the threshold is exceeded, you can call closeApp() to close the app.

Note: Keep in mind that forcefully closing the app may not be the best user experience. It's important to handle authentication failures gracefully and provide appropriate feedback to the user before closing the app.