Hardware-enforced via Android KeyStore + CryptoObject: - AES key in TEE/StrongBox with setUserAuthenticationRequired(true) - BiometricPrompt receives Cipher as CryptoObject, unlocked only after real biometric auth (fingerprint/face), not bypassable - Key auto-invalidated on biometric enrollment change Flow: tap locked chat → BiometricPrompt → on success request server unlock token (POST /api/v1/auth/unlock) → fetch messages with X-Unlock-Token header → display conversation. Dependencies: androidx.biometric:biometric:1.4.0-alpha02 |
||
|---|---|---|
| .. | ||
| wrapper | ||
| gradle-daemon-jvm.properties | ||
| libs.versions.toml | ||