petrsyn petrsyn - 5 months ago 196
Android Question

Error after Fingerprint touched on Samsung phones: android.security.KeyStoreException: Key user not authenticated

My app uses Android 6.0 Fingerprint API to protect AES key in the Android KeyStore. The stored key can be used only when user is authenticated by fingerprint sensor because the

KeyGenParameterSpec
is initialized with
setUserAuthenticationRequired(true)
.

When the user touches the sensor I get the initialized Cipher from the callback
onAuthenticationSucceeded(Cipher)
and I use it for decryption.

This works perfectly except on Samsung phones with Android 6. When I try to use the returned Cipher, Samsung phones sometimes throw
android.security.KeyStoreException: Key user not authenticated
. So even though the Cipher is returned by the
onAuthenticationSucceeded(Cipher)
the Android KeyStore thinks user was NOT authenticated by the fingerprint sensor.

It seems that the crash happens rather when the app was not used for longer time. When the app is wormed up all is working correctly usually.

As this error happens randomly and only on Samsung phones... It seems it is caused by some internal timing issue inside the Samsung implementation of Android 6.0 KeyStore and FingerPrint API.

Edit: This issue was also experienced in OnePlus and Acer phones.

Answer

As I don't expect that the mentioned manufacturers will fix this issue soon, I've resolved it by setting the KeyGenParameterSpec.setUserAuthenticationRequired(false) for Samsung, OnePlus and Asus devices.