Hi!
I am a developer working on apps that need to store keys in Android KeyStore. Unfortunately something seems to be broken in the Fairphone 5 and 6 (and potentially other Fairphones) KeyStore/Biometric API implementation, as trying to access keys that require an unlocked device results in a UserNotAuthenticatedException when the device was unlocked with Face unlock, a non-strong biometric method. This used to be a bug in Android, but according to Google’s official documentation it should be solved in Android 15: https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec.Builder#setUnlockedDeviceRequired(boolean)
I could reproduce it on a Fairphone 6 running Android 15 and then updated to Android 16, as well as on a Fairphone 5 running Android 15.
Google confirmed that the device incorrectly passes a parameter indicating that a non-strong biometric is enabled to Android, see the issue on Google’s Issue Tracker: <https://issuetracker.google.com/issues/506989112>
I wanted to raise awareness of the issue and I hope someone can help get to the bottom of it, as it might be in Fairphone’s implementation as an OEM and can affect many, many apps, resulting in broken authentication and/or encryption or just various broken functionality (imagine an app storing keys related to secure API communication this way).
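
A minimal probe for checking a device for the behaviour described in the post above. It is an added example, not code from the original post or from Fairphone or Google: it creates an AES key with `setUnlockedDeviceRequired(true)` and reports whether the key is usable after a given unlock method. The alias, log tag, `ProbeResult` and function names are hypothetical.

```kotlin
import android.os.Build
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import android.security.keystore.UserNotAuthenticatedException
import android.util.Log
import java.security.GeneralSecurityException
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey

private const val TAG = "UnlockedKeyProbe"          // hypothetical log tag
private const val ALIAS = "unlocked_device_probe"   // hypothetical key alias

enum class ProbeResult { KEY_USABLE, NOT_AUTHENTICATED, OTHER_FAILURE }

// Returns the existing probe key, or creates one bound to the "device unlocked" state.
fun getOrCreateProbeKey(): SecretKey {
    val ks = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
    (ks.getKey(ALIAS, null) as? SecretKey)?.let { return it }
    val spec = KeyGenParameterSpec.Builder(
        ALIAS, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    )
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setUnlockedDeviceRequired(true)   // the setting under test (API 28+)
        .build()
    return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore")
        .apply { init(spec) }
        .generateKey()
}

// Call while the device is unlocked; unlockMethod is a free-text label for the log.
fun probeUnlockedDeviceKey(unlockMethod: String): ProbeResult {
    val device = "${Build.MANUFACTURER} ${Build.MODEL}, SDK ${Build.VERSION.SDK_INT}"
    return try {
        val cipher = Cipher.getInstance("AES/GCM/NoPadding")
        cipher.init(Cipher.ENCRYPT_MODE, getOrCreateProbeKey())
        cipher.doFinal("probe".toByteArray())
        Log.i(TAG, "[$device] key usable after unlock via $unlockMethod")
        ProbeResult.KEY_USABLE
    } catch (e: UserNotAuthenticatedException) {
        // The failure reported in the post: device is unlocked, key is still refused.
        Log.w(TAG, "[$device] key refused after unlock via $unlockMethod", e)
        ProbeResult.NOT_AUTHENTICATED
    } catch (e: GeneralSecurityException) {
        Log.e(TAG, "[$device] unrelated keystore failure", e)
        ProbeResult.OTHER_FAILURE
    }
}
```

Running it once after a PIN unlock and once after a Face unlock, and comparing the two results, separates this behaviour from other keystore failures.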