this post was submitted on 29 Aug 2023
30 points (85.7% liked)

Android

17741 readers
46 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

🔗Universal Link: [email protected]


💡Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.


Support, technical, or app related questions belong in: [email protected]

For fresh communities, lemmy apps, and instance updates: [email protected]

💬Matrix Chat

💬Telegram channels / chats

📰Our communities below


Rules

  1. Stay on topic: All posts should be related to the Android OS or ecosystem.

  2. No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to [email protected].

  3. Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to [email protected].

  4. No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.

  5. No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.

  6. No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.

  7. No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.

  8. No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.

  9. No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!

  10. No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

Chat and More


founded 1 year ago
MODERATORS
top 6 comments
sorted by: hot top controversial new old
[–] [email protected] 21 points 1 year ago (2 children)

Relevant to me as I own an FP3, but still running Android 10 for this very reason.

Software updates can sometimes take away functionality, which can be frustrating & discourage users from updating.

The Fairphone 3's Android 13 update, for example, took away the ability to use the fingerprint scanner for logging into many banking/password manager apps.

Why? Well, Fairphone had no choice. Google's compatibility requirements for Android 13 forced their hand.

Biometric authentication methods are classified into three tiers: Class 3, Class 2, or Class 1. While all 3 can be used to unlock the device, only Class 3 and Class 2 biometrics can integrate with BiometricPrompt (ie. authenticate within apps). That's why the Pixel 7's face unlock feature doesn't support verifying you within apps, as it's a Class 1 biometric. The Pixel 7's fingerprint scanner, however, is a Class 3 biometric, so it can.

Even though both Class 3 and Class 2 biometrics can be used for BiometricPrompt, though, apps ultimately decide whether they want to accept Class 2 or even Class 3 biometrics, using the setAllowedAuthenticators(...) method. Many apps with higher security requirements, like banking apps or password managers, accept Class 3 but not Class 2 biometrics. I think you see where I'm going with this.

With its Android 13 update, the Fairphone 3's fingerprint scanner was downgraded from Class 3 to Class 2. The reason is because Android 13 strengthened the requirements needed for a biometric to be classified as Class 3, and the Fairphone 3's fingerprint scanner could no longer meet this requirement. To be clear, the Fairphone 3 was released in late 2019, so it's using older fingerprint hardware than most other devices running Android 13.

Highlighted in green below is the new requirement that biometrics have to meet to be classified as Class 3. This comes from the Android Compatibility Definition Document (CDD) for Android 13, which enumerates the requirements that devices have to meet in order to be certified as compatible with Android (and is a stepping stone to getting a GMS [Google Mobile Services] license).

Since the Fairphone 3's Android 13 build includes GMS, it has to abide by the CDD, so they had no choice but to downgrade the sensor to Class 2. Fairphone's initial rollout of the Android 13 update didn't mention this change, but they've since amended their update notification and release notes to warn users about this regression.

The Fairphone 4 isn't affected by this as it uses newer, more secure fingerprint hardware. Plus, the Fairphone 3's fingerprint scanner can still be used in a variety of apps. A post on the Fairphone forums maintains a list of which apps are affected. I've also seen Fairphone employees reach out to devs of affected apps to get them to update their UX so the change is less confusing to users, to their credit.

Final note: custom ROMs for the Fairphone 3 are largely unaffected by this change. That's because they can simply revert the change that downgrades the biometrics security classification from Class 3 to Class 2. Custom ROMs can get away with this because they don't care about passing Android certification requirements. This is a common practice when doing a bring-up of newer Android versions on older devices with outdated fingerprint hardware.

[–] [email protected] 5 points 1 year ago (1 children)

It was making sense until he talked about custom roms. I can't believe it's more or less a flag you can just enable/disable the class version.

[–] [email protected] 2 points 1 year ago

Shouldn't this be editable via Adb and SetEdit?

[–] [email protected] 5 points 1 year ago

If there was a way to provide a fingerprint upgrade. This could've been partially mitigated.

[–] [email protected] 2 points 1 year ago (1 children)

Fairphone should have added a system level override that users could have opted in to and make the sensor lie about its class. Or even outright make it lie period. It wouldn't mean a downgrade in security as it just keeps the previous behaviour which apparently was accepted.

[–] Stez827 5 points 1 year ago

If they did that then they wouldn't be able to have gms