[Pin Code] device not secure

Forge Component
(9)
Published on 2018-04-23 by Labs
9 votes
Published on 2018-04-23 by Labs

I am getting "DEVICE NOT SECURE" on setValue action  from Keystore Plugin in OnSetPin

Hi Filipe,

Are you testing this plugin with a real device or in a browser?


Kind regards,

Rui Barradas

real device

Is the KeyStore active on the device?

Does the device have an unlock screen mechanism (like a code or a pattern)?


Kind regards,

Rui Barradas

Rui Barradas wrote:

Is the KeyStore active on the device?

Does the device have an unlock screen mechanism (like a code or a pattern)?


Kind regards,

Rui Barradas

 Yes the CheckKeyStorePlugin returns true and the device does not have pin or pattern to unlock

 

Please, put a PIN or pattern to unlock the device and try again.


Kind regards,

Rui Barradas

Yes it works but if the client does not have any pin set ?

Solution

Then the device is considered as not secure.

(Even though CheckKeyStorePlugin returns true. This method checks if the Plugin is available on your application, it doesn't validate if KeyStore is active or not on the device.)


This is related with how KeyStore works directly on the devices.

KeyStore is only active and you can only save values in there if your device has an unlocking mechanism. If it doesn't, then your device is considered as not secure and KeyStore becomes inactive. That's why you cannot save values in there without an unlocking mechanism.


Kind regards,

Rui Barradas

Solution

But how can I check that to tell the client to define a phone pin or even to show/hide the feature when the phone does not have a pin ?

What you can do is to set a fixed value in KeyStore and get it back.

If the return is the same that you expect, then KeyStore is active and you can ask for a PIN.


Kind regards,

Rui Barradas