AndroidX biometrics force fingerprint - androidx

Is it possible to force the AndroidX biometrics library to make use of fingerprint, rather than other mechanisms? Right now, some Samsung devices are forcing our app to use Iris instead of fingerprint, even if the user prefers fingerprints

Related

How to publish legacy android app with "unsafe encryption" error?

We use AES encryption with static key and static vector.
Encryption and decryption of data made on Windows, MacOS and Android.
We know it is not secure to store the key in the app and we do not care about security, we just need to be able to support legacy data format, we need encryption not for security, but for back compatibility. We know we do not provide any data security and our customers know it too. Is where any way to force Play Store to ignore the error and publish our app without moving encryption and decryption functions to NDK?

huawei devices are not loading the google maps inside my app

I am trying to upload my app to the huawei's app gallery but every time I upload it for a review they send a vid where the map inside the app is not loading, At first i thought the issue was that they might be testing it using a device that doesn't have GMS but even after that, the map is not loading
what I tried so far
-I added the signing-certificate fingerprint to the google cloud
but i then remembered that Huawei makes you sign the app with another signing certificate which is SHA-256 and the google console can only take SHA-1 how can i fix this issue
The issue was as expected since Huawei uses the app signing certificate that they created, it wouldn't load the map because google can't take SHA-256, so to fix the issue you should use APK instead of AAB to be able to use your app signing certificate to let the app be able to communicate with the API.
that means you can only use AAB when the app uses HMS instead of GMS
First you are advised to use Huawei map kit on huawei phones.
With respect to your second question, you could use the following command to to obtain SHA1 and SHA256 of the same key:
keytool -list -v -keystore android.jks

Encrypting sensivite data in React Native and Expo

I'm working on a mobile app with React Native and Expo, providing security solutions. Project owner wants to store in app sensitive authorization keys, used to communicate with REST server and access secure data. He demands that these keys are at least encrypted, and hard to read from the outside, as much as possible.
I know about these topics:
Save sensitive data in React Native
Is React Native's Async Storage secure?
and about KeyChain, but they don't cover encryption and expo issues.
So what is the best and most common solution for making this data as safe as possible in React Native Expo app?
Expo now has SecureStore, which stores encrypted data.
Details: https://docs.expo.io/versions/latest/sdk/securestore
I am recently involved in a React Native project with security concerns like yours. Security is not an easy issue and I am not an expert, but this is what we did.
We used react-native-aes-encryption for encryption and hashing, react-native-rsa for generating public/private key pairs. In order to use these libraries properly, you better need to know basic cryptography concepts.
We used react-native-keychain to read/write data from keychain. Keychain is the way to go if you want to store some small sensitive data. It has been used in all Apple OS's in order to keep your passwords safe. That said this component is not working as seamless as expected on the Android side if you want to build your app for both platforms.
Other than that I have no idea about expo. I hope these libraries work for you as well.

without using SDKs how can we scan fingerprint on mobile screen itself for validation of attendence?

I am using "Cordova" platform. I want to scan fingerprint and store in local storage and next time this finger print is taken for validation and attendance should be sent.
There is a fingerprint auth plugin available for Android here: https://www.npmjs.com/package/cordova-plugin-android-fingerprint-auth
It seems pretty up to date.

Flex mobile supports native mobile features?

Does flex mobile supports In-App purchases, push notification etc that can run on all supported mobile platforms (iOS, Android, Blackberry playbook).
Thanks
Currently "all" native mobile features are "supported" via AIR native extensions.
You can read about AIR native extensions here
It is quite a new feature, but the point is, you can create bridge between native code SDK and your AIR application. It means, your application will be able to make calls to native SDK, and also receive events from native SDK.
Basically, if you want to present native feature in your Flex/AIR application, you create native code to achieve what you want (does require only little coding in most cases), bridge it with ActionScript interface, and package it as .ane (air native extension). This extension behaves like actionscript library you can then reuse for all your Flex projects if interested.
Link mentioned above also presents some examples - native notification is amongst them...
Since its fairly new feature, there are only few examples presented, but its not hard to code your own native extension for native feature you want - i did it myself and it worked... (here is simple native extension tutorial)
So the result is - you can present any native feature in your Flex app, as long as you have native extension for it...
Does flex mobile supports In-App
purchases,
Not integrated with the native store "procedures". I hear you can "build your own" using PayPal w/o much trouble; but It is not something I've personally investigated.
push notification
Yeah, it should. As long you're connecting to a server that supports push notifications. BlazeDS and GraniteDS use long polling to accomplish this. WebORB and LiveCycle use RTMP.
It's hard to quantify what "etc" may mean.
A note on Apple push notifications to clear up an apparent misconception from www.Flextras.com: Apple does not allow apps to bypass APNS and implement their own push notification service. Please see point 5.1 below.
From https://developer.apple.com/appstore/resources/approval/guidelines.html#push-notifications:
5. Push notifications
5.1 Apps that provide Push Notifications without using the Apple Push
Notification (APN) API will be rejected
5.2 Apps that use the APN service without obtaining a Push Application ID from
Apple will be rejected
5.3 Apps that send Push Notifications without first obtaining user consent will
be rejected
5.4 Apps that send sensitive personal or confidential information using Push
Notifications will be rejected
5.5 Apps that use Push Notifications to send unsolicited messages, or for the
purpose of phishing or spamming will be rejected
5.6 Apps cannot use Push Notifications to send advertising, promotions, or direct
marketing of any kind
5.7 Apps cannot charge users for use of Push Notifications
5.8 Apps that excessively use the network capacity or bandwidth of the APN
service or unduly burden a device with Push Notifications will be rejected
5.9 Apps that transmit viruses, files, computer code, or programs that may harm
or disrupt the normal operation of the APN service will be rejected
I am currently using this open source iOS ANE to implement in-app purchases in Flex:
http://code.google.com/p/in-app-purchase-air-ios/wiki/APIDescription
There is a push notification ANE (both Android and iOS) as well that I'm currently investigating, although it may not support remote notifications:
http://www.adobe.com/devnet/air/native-extensions-for-air/extensions/notification.html
This iOS-only ANE for push notifications is open source:
http://flashsimulations.com/2011/12/16/apple-push-notification-service-native-extension-for-adobe-air/

Resources