Authentication issue?


#1

I’ve just gone into the Starling app (on Android) several hours since I last used it. Usually I’m asked to reauthenticate if more than a few minutes have passed since I last used it. However, this time, it let me straight in, back to the same screen I had been looking at previously.

I happened to have done a transaction search and was on the search results screen.

I haven’t yet tried to replicate this behaviour but thought I would flag it for @StarlingSupport.


#2

Hi @danmullen,

We’ll follow up via the app to gather the device specifications and attempt to replicate the issue.

@Callum will work with our developers to see why and how this behaviour is occurring.

Many thanks for highlighting this to us.


#3

No problem @Oliver_Wright.


#4

I had the same thing a few days ago. I believe we are both Pixel 2 XL? I’m guessing both Android Pie now too?

I can’t remember now what I was doing at the time. It may have been a transaction search too though.


#5

Yeah @Dr_Eggman, Pixel 2 XL running Android 9 Pie :+1:


#6

I’ve recreated it!!

Open the app, press the awful green button to get up the transaction list, then search for something. Exit the app by clicking on a notification to any other app, not the home button or app switch. After finishing in that app, even if more than the 30 seconds, go back to Starling and it is unlocked. Same probably happens if you go from the other app to home screen, then later go back to Starling.


#7

Although I just tried it again and it had locked :persevere::persevere::persevere:


#8

I haven’t managed to recreate it so far. Looks like there may have to be a very specific set of conditions for this to happen.


#9

I had this yesterday. After around 5 mins I opened the App and it was unlocked. Yet when I tried again a little later the app was locked as it should have been.

This is on a OnePlus 5T.


#10

Just done it again. I opened the app about 4 hours ago, searched for a goal name in the transaction list, then went to my weather app from a persistent notification, then straight to the home screen. Just opened the app again 4 hours later and it’s opened straight to the transaction list, showing the search results. No prompt for fingerprint or anything.


#11

Hi all,

Thanks for raising this - I’m looking into this with our Android team and will update when I know more :slight_smile:


#12

Hi all,

Thanks again for raising this :slight_smile:

We’ve now done extensive testing and have discovered that if fingerprint verification is used to unlock the device, or even if the device’s fingerprint reader is activated, information from the reader is still transmitted to our app by the OS, even if it is in the background.

In other words, if the fingerprint is used in another app, or read in the background, this could also unlock our app in the background, so when you return to the app it may mysteriously appear to have not been locked.

We don’t believe this is anything to be concerned about, as the fingerprint must still be physically presented on the reader in order to unlock the app in the background, so requiring the user to provide this again when the app is brought to the foreground would not actually provide any security benefit.
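
The behaviour described in post #12, as an added example that is not part of the thread and not Starling's code: a plain-Kotlin model (no Android APIs) of an app lock that either keeps accepting fingerprint matches while backgrounded or accepts them only in the foreground, replayed over the timeline from post #10. `AppLock`, `promptOnReturn` and the event times are assumptions made for illustration; the 30-second timeout is the figure mentioned in post #6.

```kotlin
// Added model, not Starling's implementation. All names here are hypothetical.
const val LOCK_TIMEOUT_MS = 30_000L // "the 30 seconds" from post #6

class AppLock(private val listenInBackground: Boolean) {
    private var inForeground = false
    private var unlocked = false
    private var timerStartMs = 0L // when the lock timer last (re)started

    /** App comes to the foreground; returns true if the fingerprint prompt must be shown. */
    fun onResume(nowMs: Long): Boolean {
        inForeground = true
        if (unlocked && nowMs - timerStartMs > LOCK_TIMEOUT_MS) unlocked = false
        return !unlocked
    }

    /** App leaves the foreground; the lock timer starts counting from here. */
    fun onPause(nowMs: Long) {
        inForeground = false
        timerStartMs = nowMs
    }

    /** The reader matched an enrolled finger somewhere on the device. */
    fun onFingerprintAccepted(nowMs: Long) {
        // Policy switch: a backgrounded app either still receives the match or ignores it.
        if (inForeground || listenInBackground) {
            unlocked = true
            timerStartMs = nowMs
        }
    }
}

/** Constructed timeline based on post #10; returns whether the prompt appears on return. */
fun promptOnReturn(listenInBackground: Boolean): Boolean {
    val lock = AppLock(listenInBackground)
    val fourHours = 4 * 60 * 60 * 1000L
    lock.onResume(0)                        // first launch, app is locked
    lock.onFingerprintAccepted(1_000)       // user unlocks inside the app
    lock.onPause(60_000)                    // user leaves via a notification
    lock.onFingerprintAccepted(fourHours)   // finger unlocks the device, app in background
    return lock.onResume(fourHours + 2_000) // user reopens the app 2 s later
}

fun main() {
    println("listener kept in background: prompt shown = ${promptOnReturn(true)}")
    println("listener foreground only:    prompt shown = ${promptOnReturn(false)}")
}
```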