{ "id": "165005", "key": "TIMOB-24218", "fields": { "issuetype": { "id": "2", "description": "A new feature of the product, which has yet to be developed.", "name": "New Feature", "subtask": false }, "project": { "id": "10153", "key": "TIMOB", "name": "Titanium SDK/CLI", "projectCategory": { "id": "10100", "description": "Titanium and related SDKs used in application development", "name": "Client" } }, "fixVersions": [ { "id": "18414", "description": "", "name": "Release 6.2.0", "archived": false, "released": true, "releaseDate": "2017-09-13" } ], "resolution": { "id": "1", "description": "A fix for this issue is checked into the tree and tested.", "name": "Fixed" }, "resolutiondate": "2017-08-09T22:19:41.000+0000", "created": "2016-12-13T19:27:07.000+0000", "priority": { "name": "Critical", "id": "1" }, "labels": [ "android", "keychain-access" ], "versions": [], "issuelinks": [], "assignee": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "updated": "2017-08-29T23:14:20.000+0000", "status": { "description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.", "name": "Closed", "id": "6", "statusCategory": { "id": 3, "key": "done", "colorName": "green", "name": "Done" } }, "components": [ { "id": "10202", "name": "Android", "description": "Android Platform" } ], "description": "Now that iOS keychain functionality has been sorted out in TIMOB-20547, we would like someone to look into exposing Android Keychain functionality discussed in [https://developer.android.com/reference/android/security/KeyChain.html]. \r\n\r\nCurrently, I believe Android TouchId module can only check for correct/incorrect fingerprint. We would like to actually save key/value pair and hopefully get some additional security features that native code provides. \r\n\r\n", "attachment": [], "flagged": false, "summary": "Android: Expose Keychain access in Ti.TouchID (Parity with iOS)", "creator": { "name": "nradaev", "key": "nradaev", "displayName": "Nikita Radaev", "active": true, "timeZone": "America/Los_Angeles" }, "subtasks": [], "reporter": { "name": "nradaev", "key": "nradaev", "displayName": "Nikita Radaev", "active": true, "timeZone": "America/Los_Angeles" }, "environment": "Andorid 5.4 - Current", "closedSprints": [ { "id": 920, "state": "closed", "name": "2017 Sprint 14 SDK", "startDate": "2017-07-02T16:29:41.455Z", "endDate": "2017-07-16T16:29:00.000Z", "completeDate": "2017-07-17T14:39:47.328Z", "originBoardId": 114 }, { "id": 796, "state": "closed", "name": "2017 Sprint 02 SDK", "startDate": "2017-01-15T00:00:41.845Z", "endDate": "2017-01-29T00:00:00.000Z", "completeDate": "2017-01-30T21:10:44.640Z", "originBoardId": 114 } ], "comment": { "comments": [ { "id": "403300", "author": { "name": "nradaev", "key": "nradaev", "displayName": "Nikita Radaev", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Some more info about Android keystore here: https://developer.android.com/training/articles/keystore.html", "updateAuthor": { "name": "nradaev", "key": "nradaev", "displayName": "Nikita Radaev", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2016-12-13T20:08:32.000+0000", "updated": "2016-12-13T20:08:32.000+0000" }, { "id": "403630", "author": { "name": "arohini", "key": "arohini", "displayName": "Ajith Rohini", "active": true, "timeZone": "America/Los_Angeles" }, "body": "[~nradaev] I had a chat with our R&D and as per them, it took us a bit amount of time to address the iOS ticket and this one might take longer. Currently this is scheduled for Q1/Q2 2017. We apologize for the delay on this. But if you think its critical, please let Saleem know. ", "updateAuthor": { "name": "arohini", "key": "arohini", "displayName": "Ajith Rohini", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2016-12-19T19:30:31.000+0000", "updated": "2016-12-19T19:30:31.000+0000" }, { "id": "422921", "author": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "body": "master: https://github.com/appcelerator-modules/ti.touchid/pull/32", "updateAuthor": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-06-26T23:46:09.000+0000", "updated": "2017-06-26T23:46:09.000+0000" }, { "id": "422939", "author": { "name": "hknoechel", "key": "hansknoechel", "displayName": "Hans Knöchel", "active": true, "timeZone": "Europe/Berlin" }, "body": "The CR-review is nearly finished, Gary provided a release to test already, thanks [~gmathews]!\r\n\r\nhttps://github.com/appcelerator-modules/ti.touchid/releases/tag/android-2.2.0", "updateAuthor": { "name": "hknoechel", "key": "hansknoechel", "displayName": "Hans Knöchel", "active": true, "timeZone": "Europe/Berlin" }, "created": "2017-06-27T14:19:53.000+0000", "updated": "2017-06-27T14:19:53.000+0000" }, { "id": "423142", "author": { "name": "nradaev", "key": "nradaev", "displayName": "Nikita Radaev", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Great! Are there any docs available? Attached example shows only the very basic case.\r\n\r\n As far as I know, Android keystore works slightly different than iOS one. I would like to do some testing on our end as well. ", "updateAuthor": { "name": "nradaev", "key": "nradaev", "displayName": "Nikita Radaev", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-06-29T14:13:00.000+0000", "updated": "2017-06-29T14:14:44.000+0000" }, { "id": "423991", "author": { "name": "nradaev", "key": "nradaev", "displayName": "Nikita Radaev", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Hi guys,\r\n\r\nAfter a quick test I have a few questions: \r\n\r\n- Is there a support for fingerprint authentication?\r\n- Will there be constraints available like accessControlMode and accessibilityMode for iOS TouchID module? \r\n\r\nOne of our use cases is being able to put a value in the keystore with constraints and then retrieve it using fingerprint.\r\n\r\nI dont believe Android & iOS TouchID modules will have parity without these two features.\r\n", "updateAuthor": { "name": "nradaev", "key": "nradaev", "displayName": "Nikita Radaev", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-07-12T13:10:36.000+0000", "updated": "2017-07-12T13:12:52.000+0000" }, { "id": "423993", "author": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "body": "[~nradaev]\r\n\r\n- Yes, [here's an example|https://github.com/appcelerator-modules/ti.touchid/blob/master/android/example/app.js] for fingerprint authentication\r\n- Nope, those are iOS specific properties\r\n\r\nThanks for the use case, I'll implement the ability to do that on Android.", "updateAuthor": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-07-12T14:23:56.000+0000", "updated": "2017-07-12T14:23:56.000+0000" }, { "id": "424074", "author": { "name": "nradaev", "key": "nradaev", "displayName": "Nikita Radaev", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Hi Gary,\r\n\r\nThank you for a quick reply. I will do some additional testing regarding fingerprint authentication. \r\n\r\nSpeaking of constraints, I understand that accessControlMode and accessibilityMode are iOS specific constants and Android keystore is not as granular. \r\n\r\nHowever, the use case I was describing above (ability to retrieve keystore value with a fingerprint) also requires that a passcode is setup on device at the moment of writing/reading of keychain items, ideally controlled by some sort of optional value. \r\n\r\nBasically, we will have some values that have lower security priority and a couple with a high security priority. For lower security items we just need a basic read/write/remove functionality that is currently covered. For higher security items we would like to force user to have some sort of additional device protection setup.\r\n\r\nI believe this is possible to achieve using spec.setUserAuthenticationRequried(true). It would also be nice if this constraint could include patterns and pins. As far as I understand its also possible to set a timeout period for how long \"authentication\" lasts since user inserted his pass/pin/pattern. It would be great if you could expose that value as well, as other use cases may arise in the future.\r\n\r\nSo basically we are hoping you could emulate accessiblityMode: ACCESSIBLE_WHEN_PASSCODE_SET. \r\n\r\nPlease let me know your thoughts on this matter,\r\n\r\nNikita.", "updateAuthor": { "name": "nradaev", "key": "nradaev", "displayName": "Nikita Radaev", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-07-13T15:34:18.000+0000", "updated": "2017-07-13T15:40:24.000+0000" }, { "id": "424332", "author": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "body": "[~nradaev] I have updated the {{2.2.0}} pre-release: https://github.com/appcelerator-modules/ti.touchid/releases/tag/android-2.2.0\r\n\r\n{code:js}\r\nvar TouchID = require('ti.touchid');\r\n keychainItem = TouchID.createKeychainItem({\r\n identifier: 'test_key',\r\n //cipher: 'AES/CBC/PKCS7Padding',\r\n accessControlMode: TouchID.ACCESS_CONTROL_TOUCH_ID_ANY\r\n }),\r\n win = Ti.UI.createWindow({backgroundColor: 'white', layout: 'vertical'});\r\n queue = [],\r\n callback = function(e) {\r\n if (queue.length) {\r\n queue.shift().close();\r\n }\r\n alert(JSON.stringify(e, null, 2));\r\n };\r\n\r\nkeychainItem.addEventListener('save', callback);\r\nkeychainItem.addEventListener('read', callback);\r\n\r\nbutton('SAVE', function() {\r\n showFingerprint();\r\n keychainItem.save('test');\r\n});\r\nbutton('READ', function() {\r\n showFingerprint();\r\n keychainItem.read();\r\n});\r\n\r\nwin.open();\r\n\r\nfunction showFingerprint() {\r\n if (keychainItem.accessControlMode !== TouchID.ACCESS_CONTROL_TOUCH_ID_ANY) return;\r\n var win = Ti.UI.createWindow({backgroundColor: 'white'}),\r\n img = Ti.UI.createImageView({image: 'http://bit.ly/2ur2X4u', width: 64, height: 64});\r\n queue.push(win);\r\n win.add(img);\r\n win.open();\r\n}\r\nfunction button(title, click) {\r\n var btn = Ti.UI.createButton({title: title, width: Ti.UI.FILL});\r\n btn.addEventListener('click', click);\r\n win.add(btn);\r\n}\r\n{code}", "updateAuthor": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-07-18T22:19:04.000+0000", "updated": "2017-07-18T22:19:04.000+0000" }, { "id": "424614", "author": { "name": "nradaev", "key": "nradaev", "displayName": "Nikita Radaev", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Hi Gary, \r\n\r\nThanks for coming back to us on this issue.\r\n\r\nUnfortunately, application build process fails with supplied module.\r\n\r\nIs there a more stable version I can use? \r\n\r\nN.", "updateAuthor": { "name": "nradaev", "key": "nradaev", "displayName": "Nikita Radaev", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-07-24T19:20:16.000+0000", "updated": "2017-07-24T19:20:16.000+0000" }, { "id": "424681", "author": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "body": "[~nradaev] Updated the pre-release, it should work now.", "updateAuthor": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-07-25T19:10:46.000+0000", "updated": "2017-07-25T19:10:46.000+0000" }, { "id": "424689", "author": { "name": "nradaev", "key": "nradaev", "displayName": "Nikita Radaev", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Thank you Gary! It seems to work correctly. I still have a couple things I want to discuss with about this ticket. I propose we take it up via email in order to avoid clutter here. Could you please contact me at nikita.radaev@meridiancu.ca?\r\n", "updateAuthor": { "name": "nradaev", "key": "nradaev", "displayName": "Nikita Radaev", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-07-25T20:23:41.000+0000", "updated": "2017-07-25T20:23:59.000+0000" }, { "id": "426371", "author": { "name": "lchoudhary", "key": "lchoudhary", "displayName": "Lokesh Choudhary", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Verified the implementation.\r\n\r\nKey/value can be saved in the keychain & be retrieved using the fingerprint.\r\n\r\nStudio Ver: 4.9.1.201707200100\r\nSDK Ver: 6.1.2.GA\r\nOS Ver: 10.12.3\r\nXcode Ver: Xcode 8.3.3\r\nAppc NPM: 4.2.9\r\nAppc CLI: 6.2.3\r\nTi CLI Ver: 5.0.14\r\nAlloy Ver: 1.9.13\r\nNode Ver: 6.10.1\r\nJava Ver: 1.8.0_101\r\nDevices: ⇨ google Pixel --- Android 7.1.1\r\nTouchid module : 2.2.0", "updateAuthor": { "name": "lchoudhary", "key": "lchoudhary", "displayName": "Lokesh Choudhary", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-08-09T20:49:49.000+0000", "updated": "2017-08-09T20:51:35.000+0000" }, { "id": "426931", "author": { "name": "lchoudhary", "key": "lchoudhary", "displayName": "Lokesh Choudhary", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Verified the fix in 6.2.0.v20170818105443. \r\nFor master the {{touchid}} module will have to be recompiled to work with 7.0.0.\r\nLeaving this in resolved state as of now.", "updateAuthor": { "name": "lchoudhary", "key": "lchoudhary", "displayName": "Lokesh Choudhary", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-08-19T00:11:20.000+0000", "updated": "2017-08-19T00:11:20.000+0000" }, { "id": "427255", "author": { "name": "eharris", "key": "eharris", "displayName": "Ewan Harris", "active": true, "timeZone": "Europe/Dublin" }, "body": "PRs to land changes into SDK\r\n\r\nmaster: https://github.com/appcelerator/titanium_mobile/pull/9359\r\n6_2_X: https://github.com/appcelerator/titanium_mobile/pull/9360", "updateAuthor": { "name": "eharris", "key": "eharris", "displayName": "Ewan Harris", "active": true, "timeZone": "Europe/Dublin" }, "created": "2017-08-25T15:21:04.000+0000", "updated": "2017-08-25T15:21:04.000+0000" }, { "id": "427387", "author": { "name": "lchoudhary", "key": "lchoudhary", "displayName": "Lokesh Choudhary", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Verified the fix with SDK 6.2.0.v20170829152447 & 7.0.0.v20170829152646.\r\n\r\nFor 7.0.0.v20170829152646 the touchID module is not selectable in the tiapp.xml and needs to be recompiled to work with it.\r\n\r\nClosing.\r\n\r\nStudio Ver: 4.9.1.201707200100\r\nOS Ver: 10.12.3\r\nXcode Ver: Xcode 8.3.3\r\nAppc NPM: 4.2.9\r\nAppc CLI: 6.2.3\r\nTi CLI Ver: 5.0.14\r\nAlloy Ver: 1.9.13\r\nNode Ver: 6.10.1\r\nJava Ver: 1.8.0_101\r\nDevices: ⇨ google Nexus 5 --- Android 6.0.1\r\n⇨ google Pixel --- Android 7.1.1", "updateAuthor": { "name": "lchoudhary", "key": "lchoudhary", "displayName": "Lokesh Choudhary", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-08-29T23:11:55.000+0000", "updated": "2017-08-29T23:14:05.000+0000" } ], "maxResults": 28, "total": 28, "startAt": 0 } } }