MASTG v1->v2 MASTG-TEST-0018: Testing Biometric Authentication (android)


Create a new MASTG v2 test covering for":

- **Title:** Testing Biometric Authentication
- **ID:** MASTG-TEST-0018
- **Link:** https://mas.owasp.org/MASTG/tests/android/MASVS-AUTH/MASTG-TEST-0018/
- **Platform:** android
- **MASVS v1:** ['MSTG-AUTH-8']
- **MASVS v2:** ['MASVS-AUTH-2']

**Follow the [guidelines](https://docs.google.com/document/d/1veyzE4cVTSnIsKB1DOPUSMhjXow_MtJOtgHeo5HVoho/edit?usp=sharing)**

## IMPORTANT NOTE

This v1 test doesn't contain a lot of detail. See https://mas.owasp.org/MASTG/0x05f-Testing-Local-Authentication/ for more context when porting it.

Also see:
- https://developer.android.com/identity/sign-in/biometric-auth#allow-fallback
- https://developer.android.com/reference/android/app/KeyguardManager#createConfirmDeviceCredentialIntent(java.lang.CharSequence,%20java.lang.CharSequence)
- https://developer.android.com/reference/kotlin/androidx/biometric/package-summary

## Relevant weaknesses

- MASWE-0046	 Crypto Keys Not Invalidated on New Biometric Enrollment
- MASWE-0045	 Fallback to Non-biometric Credentials Allowed for Sensitive Transactions
- MASWE-0044	 Biometric Authentication is Event-bound








Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

MASTG v1->v2 MASTG-TEST-0018: Testing Biometric Authentication (android) #2952

IMPORTANT NOTE

Relevant weaknesses

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

MASTG v1->v2 MASTG-TEST-0018: Testing Biometric Authentication (android) #2952

Description

IMPORTANT NOTE

Relevant weaknesses

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions