18
Views
9
Comments
Solved
[Pin Code] device not secure
Question
Forge component by Labs
10
Published on 23 Apr 2018

I am getting "DEVICE NOT SECURE" on setValue action  from Keystore Plugin in OnSetPin

Rank: #120
Solution

Then the device is considered as not secure.

(Even though CheckKeyStorePlugin returns true. This method checks if the Plugin is available on your application, it doesn't validate if KeyStore is active or not on the device.)


This is related with how KeyStore works directly on the devices.

KeyStore is only active and you can only save values in there if your device has an unlocking mechanism. If it doesn't, then your device is considered as not secure and KeyStore becomes inactive. That's why you cannot save values in there without an unlocking mechanism.


Kind regards,

Rui Barradas

Rank: #120

Hi Filipe,

Are you testing this plugin with a real device or in a browser?


Kind regards,

Rui Barradas

real device

Rank: #120

Is the KeyStore active on the device?

Does the device have an unlock screen mechanism (like a code or a pattern)?


Kind regards,

Rui Barradas

Rank: #120

Please, put a PIN or pattern to unlock the device and try again.


Kind regards,

Rui Barradas

Yes it works but if the client does not have any pin set ?

Rank: #120
Solution

Then the device is considered as not secure.

(Even though CheckKeyStorePlugin returns true. This method checks if the Plugin is available on your application, it doesn't validate if KeyStore is active or not on the device.)


This is related with how KeyStore works directly on the devices.

KeyStore is only active and you can only save values in there if your device has an unlocking mechanism. If it doesn't, then your device is considered as not secure and KeyStore becomes inactive. That's why you cannot save values in there without an unlocking mechanism.


Kind regards,

Rui Barradas

But how can I check that to tell the client to define a phone pin or even to show/hide the feature when the phone does not have a pin ?

Rank: #120

What you can do is to set a fixed value in KeyStore and get it back.

If the return is the same that you expect, then KeyStore is active and you can ask for a PIN.


Kind regards,

Rui Barradas