Skip to content

android: implement biometric authentication (fingerprint) #10340

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
f321x wants to merge 2 commits into
base: master
Choose a base branch
from
Open

android: implement biometric authentication (fingerprint) #10340

f321x wants to merge 2 commits into from
+556 −34

Conversation

@f321x
Copy link
Member

@f321x f321x commented Dec 2, 2025
edited by SomberNight
Loading

Allows to unlock the android app with the android biometric api (e.g. fingerprint). Can be enabled in the settings.
The initial version was LLM generated but i reviewed it and rewrote a couple things.

TODO: checkbox to enable it in the wizard during wallet setup once one password is enforced for creation of new wallets

closes #7560

SomberNight
SomberNight reviewed Dec 2, 2025
View reviewed changes
Copy link
Member

@SomberNight SomberNight left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just some quick comments, I haven't really looked at this

electrum/simple_config.py Outdated
WALLET_ANDROID_USE_BIOMETRIC_AUTHENTICATION = ConfigVar('android_use_biometrics', default=False, type_=bool)
WALLET_ANDROID_BIOMETRIC_DATA = ConfigVar(
'android_biometric_data', default='', type_=str,
short_desc=lambda: 'Wallet password encrypted with android biometric authentication key'
Copy link
Member

@SomberNight SomberNight Dec 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i18n localization missing

Copy link
Member Author

@f321x f321x Dec 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah I intentionally didn't add it as the description is not being used, but added the description as i thought of it as a more productive use of the space than adding a simple comment, probably the worst of both worlds.
I removed the description and use a more descriptive variable name now (*BIOMETRIC_DATA sounded a bit ambiguous).

electrum/gui/qml/qebiometrics.py Outdated
Comment on lines 91 to 95
jPythonActivity.startActivityForResult(intent, 12345) # Request code

def _on_activity_result(self, requestCode: int, resultCode: int, intent):
if requestCode != 12345:
return
Copy link
Member

@SomberNight SomberNight Dec 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No magic numbers. Create a named constant for it.

E.g. (though this example is in java)

electrum/electrum/gui/qml/java_classes/org/electrum/qr/SimpleScannerActivity.java

Line 33 in cb7e550

private static final int MY_PERMISSIONS_CAMERA = 1002;

Also, just noticed we don't really do this for the qr scanner?? weird. I guess we should.

electrum/electrum/gui/qml/qeqrscanner.py

Lines 57 to 60 in cb7e550

jpythonActivity.startActivityForResult(intent, 0)
def on_qr_activity_result(self, requestCode, resultCode, intent):
try:

Copy link
Member Author

@f321x f321x Dec 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Created constants and added a commit 3d72275 to also use a requestCode in the QR code scanner.

@f321x f321x force-pushed the fingerprint branch 2 times, most recently from f724c33 to 3d72275 Compare December 3, 2025 12:25
@f321x f321x marked this pull request as ready for review December 3, 2025 12:33
f321x added 2 commits December 4, 2025 12:35
@f321x
android: implement biometric authentication
3f088e1 
Allows to unlock the android app with the android biometric api (e.g.
fingerprint). Can be enabled in the settings.
@f321x
qeqrscanner: check requestCode on activity result
cd6b43c
@accumulator
Copy link
Member

accumulator commented Dec 4, 2025

I assume this will be combined with #10339? (as handing over the wallet password to some biometric backend is a risk)

@f321x
Copy link
Member Author

f321x commented Dec 4, 2025
edited
Loading

@accumulator no, the PRs are independent.
The password is encrypted with a secret retrieved from the secure element inside the new Java activity, we then store the encrypted password in our config file, so the wallet password is not stored anywhere outside of Electrum.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SomberNight SomberNight SomberNight left review comments

Assignees

No one assigned

Labels

gui-qml OS-android🤖

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Android: unlock wallet using fingerprint (biometric authentication)

3 participants

@f321x @accumulator @SomberNight