Authenticating OkCredit app via Keyguard Manager & not B̶i̶o̶m̶e̶t̶r̶i̶c̶ ̶A̶P̶I̶

Karthik Kolanji
Jun 4, 2020

Six months ago I got an opportunity to work on authenticating the OkCredit app via the system security screen. Like any developer, I started Googling and found that the Biometric API is the one Google recommends, so I started integrating it.

While integrating it, I found issues with the Biometric API on some devices:

  1. On Xiaomi Redmi Y2: when the user makes multiple wrong attempts on the system security screen and then tries to authenticate once again, nothing happens (no screen is displayed) and they have to exit the app and open it again. We just get BiometricConstants.ERROR_LOCKOUT in the callback and have to show our own screen to alert the user, which defeats the purpose of using the existing system screen.

2. GooglePay itself doesn't use the Biometric API; instead it uses KeyguardManager, which is deprecated. I can guarantee that by looking at the UI in the above .gif: it displayed a dialog, and on the same device GooglePay displays a full screen, which can be achieved by KeyguardManager.

As we all know, everyone, including my PM & CEO, always refers to Google apps for some features, assuming that they are the best, so they wanted the authentication screen to look like GooglePay's. This was the most important requirement from the team.

3. The Biometric API has even more issues on different devices beyond those mentioned above; because of point 2 I didn't explore much further.

So I decided to use KeyguardManager, with which I had to face different problems on multiple devices.

Devices used

  1. OnePlus 7 : Android 10, Oxygen OS Build 10.3.3.GM57AA
  2. Xiaomi Redmi Y2 : Android 8.1.0, MIUI Global 10.3 | Stable
  3. Motorola One Power : Android 10, Stock Rom , Build no QPTS30.61–18–10

Problems

  1. OnePlus 7 : Displays full screen security screen
  2. Xiaomi Redmi Y2 : Displays full screen security screen
  3. Motorola One Power : Displays Bottom Sheet dialog

You might be wondering how the UI of different devices can create a problem. I am excited to mention that the lifecycle of our Activity/Fragment (the KeyguardManagerApiFragment.kt class in my case) goes through different states depending on how the user interacts with the system security screen.

Lifecycle on Devices (worth reading)

OnePlus 7 & Xiaomi Redmi Y2 (displays full screen security screen)

Action : Security screen displayed

Lifecycle method called on KeyguardManagerApiFragment.kt:

1. onAttach()

2. onCreateView()

3. onViewCreated()

4. onStart()

5. onResume()

6. onPause()

7. onStop()

Action : click on Recent task in system navigation button

Lifecycle method called on KeyguardManagerApiFragment.kt:

NONE (because of full screen security screen)

Action : resume app by clicking on app from recent task

Lifecycle method called on KeyguardManagerApiFragment.kt:

NONE (because of full screen security screen)

Action : Authentication cancelled (device back button click)

Lifecycle method called on KeyguardManagerApiFragment.kt:

1. onStart()

2. onResume()

3. onActivityResult()

Motorola One Power (displays Dialog security screen)

Action : Security screen displayed

Lifecycle method called on KeyguardManagerApiFragment.kt:

1. onAttach()

2. onCreateView()

3. onViewCreated()

4. onStart()

5. onResume()

6. onPause()

Action : click on Recent task in system navigation button

Lifecycle method called on KeyguardManagerApiFragment.kt:

1. onStart()

2. onResume()

3. onPause()

4. onStop()

Action : resume app by clicking on app from recent task

Lifecycle method called on KeyguardManagerApiFragment.kt:

1. onStart()

2. onResume()

3. onActivityResult()

Action : Authentication cancelled (device back button click)

Lifecycle method called on KeyguardManagerApiFragment.kt:

1. onResume()

2. onActivityResult()

You might still be wondering why I am complicating things by considering these lifecycles on different devices 🤔. I have a strong answer to your question 😊. Widely used apps like PhonePe and others didn't consider this lifecycle, and their apps have serious bugs in authenticating the user (I am a PhonePe user too 🤐).

Motorola One Power

PhonePe — Motorola One Power :

When I click on the Recent tasks button I see 2 PhonePe apps. When I click on the 2nd app (this is the system security screen, which is black in colour) it exits automatically, and when I then click on the 1st app it starts PhonePe from the beginning (SplashScreen).

OnePlus 7

PhonePe — OnePlus 7 :

When I click on the Recent tasks button I see 2 PhonePe apps. When I click on the 2nd app (this is the system security screen, which is black in colour) it is resumed and I authenticate. In this case I was supposed to see the PhonePe home screen because I got authenticated; instead the app exited and I saw my phone's launcher screen.

Both of the above cases in the OkCredit app

Xiaomi Redmi Y2 (left) and OnePlus 7 (right)

The biggest trick here is to detect whether the system security screen that is displayed to the user is full screen (OnePlus 7 & Xiaomi Redmi Y2 in my case) or a dialog (Motorola One Power in my case).

I used the lifecycle to detect this by calculating the time difference between onViewCreated() & onStop(). If the difference is ≤ minTimeDifference (2 seconds), then it is full screen.

To detect whether the app is put to the background by pressing the recent tasks button, I used a putToBackground boolean & handled the callback in onActivityResult().

I arrived at this trick by studying the lifecycle described above.
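The heuristic described above, written out as an added example (this is not the OkCredit source or code from the original post). The class name `KeyguardGateFragment`, the `onAuthenticated()`/`onCancelled()` hooks, the request code, the prompt title and the decision to re-prompt after backgrounding are assumptions; only `minTimeDifference`, `putToBackground` and the lifecycle callbacks come from the article.

```kotlin
import android.app.Activity
import android.app.KeyguardManager
import android.content.Context
import android.content.Intent
import android.os.Bundle
import android.os.SystemClock
import android.view.View
import androidx.fragment.app.Fragment

// Added sketch, not OkCredit's code. The class name, the two hooks, the request
// code and the re-prompt after backgrounding are assumptions for illustration.
abstract class KeyguardGateFragment : Fragment() {
    private val credentialRequest = 1001      // constructed value
    private val minTimeDifference = 2_000L    // 2 seconds, as in the article
    private var viewCreatedAt = 0L
    private var putToBackground = false
    abstract fun onAuthenticated()            // hypothetical hook: unlock the app
    abstract fun onCancelled()                // hypothetical hook: stay locked

    override fun onViewCreated(view: View, savedInstanceState: Bundle?) {
        super.onViewCreated(view, savedInstanceState)
        viewCreatedAt = SystemClock.elapsedRealtime()
        putToBackground = false
        prompt()
    }

    private fun prompt() {
        val km = requireContext().getSystemService(Context.KEYGUARD_SERVICE) as KeyguardManager
        // Null when no PIN, pattern or password is set: stay locked rather than skip the check.
        val intent: Intent? = km.createConfirmDeviceCredentialIntent("Unlock OkCredit", null)
        if (intent == null) onCancelled() else startActivityForResult(intent, credentialRequest)
    }

    override fun onStop() {
        super.onStop()
        // Full screen: onStop() follows onViewCreated() at once; a later one means dialog + backgrounded.
        val fullScreen = SystemClock.elapsedRealtime() - viewCreatedAt <= minTimeDifference
        if (!fullScreen) putToBackground = true
    }

    override fun onActivityResult(requestCode: Int, resultCode: Int, data: Intent?) {
        super.onActivityResult(requestCode, resultCode, data)
        if (requestCode != credentialRequest) return
        val wasBackgrounded = putToBackground.also { putToBackground = false }
        when {
            resultCode == Activity.RESULT_OK -> onAuthenticated() // the only path that unlocks
            wasBackgrounded -> prompt()   // result came from backgrounding, not from Back
            else -> onCancelled()
        }
    }
}
```

Because the timing check is only a heuristic, every branch other than `RESULT_OK` leaves the app locked, so a misclassified device costs the user an extra prompt rather than granting access.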

The ultimate joke here is that even GooglePay didn’t escape the security screen bug 😆 😅 😂 🤣

Xiaomi Redmi Y2

GooglePay — Xiaomi Redmi Y2 :

When the device is not already set up with security, the app is supposed to take the user to the security setup process, but GooglePay took me to the Security & Location screen and automatically went back after some time. Thank God I captured this on video 🤣.

Once I pressed the device Home button the Security & Location screen still opened automatically, and I had to kill the GooglePay app. I tried a second time and was not able to reproduce it ☹️

GooglePay — Motorola One Power :

When the GooglePay app is put to the background by pressing the recent apps button and the user clicks to resume it, it takes some time to resume. As you can see in the .gif, it took 2 clicks to resume the app; this is not normal behaviour.

I assume Google is doing some hack here 🤣.

OkCredit — Xiaomi Redmi Y2 :

When the device is not already set up with security, the app takes the user to the security setup process.
