npm - @capgo/capacitor-native-biometric - Versions diffs - 6.0.3 → 7.1.1 - Mend

@capgo/capacitor-native-biometric 6.0.3 → 7.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (60) hide show

package/CapgoCapacitorNativeBiometric.podspec CHANGED Viewed

@@ -8,6 +8,6 @@
     s.author = 'Martin Donadieu'
     s.source = { :git => 'https://github.com/Cap-go/capacitor-native-biometric', :tag => s.version.to_s }
     s.source_files = 'ios/Plugin/**/*.{swift,h,m,c,cc,mm,cpp}'
-    s.ios.deployment_target  = '13.0'
+    s.ios.deployment_target = '14.0'
     s.dependency 'Capacitor'
   end

package/README.md CHANGED Viewed

@@ -92,7 +92,7 @@ This is a plugin specific list of error codes that can be thrown on verifyIdenti
 ### isAvailable(...)
 ```typescript
-isAvailable(options?: IsAvailableOptions | undefined) => any
+isAvailable(options?: IsAvailableOptions | undefined) => Promise<AvailableResult>
 ```
 Checks if biometric authentication hardware is available.
@@ -101,7 +101,7 @@ Checks if biometric authentication hardware is available.
 | ------------- | ----------------------------------------------------------------- |
 | **`options`** | <code><a href="#isavailableoptions">IsAvailableOptions</a></code> |
-**Returns:** <code>any</code>
+**Returns:** <code>Promise&lt;<a href="#availableresult">AvailableResult</a>&gt;</code>
 **Since:** 1.0.0
@@ -111,7 +111,7 @@ Checks if biometric authentication hardware is available.
 ### verifyIdentity(...)
 ```typescript
-verifyIdentity(options?: BiometricOptions | undefined) => any
+verifyIdentity(options?: BiometricOptions | undefined) => Promise<void>
 ```
 Prompts the user to authenticate with biometrics.
@@ -120,8 +120,6 @@ Prompts the user to authenticate with biometrics.
 | ------------- | ------------------------------------------------------------- |
 | **`options`** | <code><a href="#biometricoptions">BiometricOptions</a></code> |
-**Returns:** <code>any</code>
 **Since:** 1.0.0
 --------------------
@@ -130,7 +128,7 @@ Prompts the user to authenticate with biometrics.
 ### getCredentials(...)
 ```typescript
-getCredentials(options: GetCredentialOptions) => any
+getCredentials(options: GetCredentialOptions) => Promise<Credentials>
 ```
 Gets the stored credentials for a given server.
@@ -139,7 +137,7 @@ Gets the stored credentials for a given server.
 | ------------- | --------------------------------------------------------------------- |
 | **`options`** | <code><a href="#getcredentialoptions">GetCredentialOptions</a></code> |
-**Returns:** <code>any</code>
+**Returns:** <code>Promise&lt;<a href="#credentials">Credentials</a>&gt;</code>
 **Since:** 1.0.0
@@ -149,7 +147,7 @@ Gets the stored credentials for a given server.
 ### setCredentials(...)
 ```typescript
-setCredentials(options: SetCredentialOptions) => any
+setCredentials(options: SetCredentialOptions) => Promise<void>
 ```
 Stores the given credentials for a given server.
@@ -158,8 +156,6 @@ Stores the given credentials for a given server.
 | ------------- | --------------------------------------------------------------------- |
 | **`options`** | <code><a href="#setcredentialoptions">SetCredentialOptions</a></code> |
-**Returns:** <code>any</code>
 **Since:** 1.0.0
 --------------------
@@ -168,7 +164,7 @@ Stores the given credentials for a given server.
 ### deleteCredentials(...)
 ```typescript
-deleteCredentials(options: DeleteCredentialOptions) => any
+deleteCredentials(options: DeleteCredentialOptions) => Promise<void>
 ```
 Deletes the stored credentials for a given server.
@@ -177,8 +173,6 @@ Deletes the stored credentials for a given server.
 | ------------- | --------------------------------------------------------------------------- |
 | **`options`** | <code><a href="#deletecredentialoptions">DeleteCredentialOptions</a></code> |
-**Returns:** <code>any</code>
 **Since:** 1.0.0
 --------------------
@@ -187,13 +181,6 @@ Deletes the stored credentials for a given server.
 ### Interfaces
-#### IsAvailableOptions
-| Prop              | Type                 | Description                                                                                           |
-| ----------------- | -------------------- | ----------------------------------------------------------------------------------------------------- |
-| **`useFallback`** | <code>boolean</code> | Specifies if should fallback to passcode authentication if biometric authentication is not available. |
 #### AvailableResult
 | Prop               | Type                                                  |
@@ -203,25 +190,26 @@ Deletes the stored credentials for a given server.
 | **`errorCode`**    | <code>number</code>                                   |
-#### BiometricOptions
+#### IsAvailableOptions
-| Prop                     | Type                 | Description                                                                                                                                                | Default        |
-| ------------------------ | -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- |
-| **`reason`**             | <code>string</code>  |                                                                                                                                                            |                |
-| **`title`**              | <code>string</code>  |                                                                                                                                                            |                |
-| **`subtitle`**           | <code>string</code>  |                                                                                                                                                            |                |
-| **`description`**        | <code>string</code>  |                                                                                                                                                            |                |
-| **`negativeButtonText`** | <code>string</code>  |                                                                                                                                                            |                |
-| **`useFallback`**        | <code>boolean</code> | Specifies if should fallback to passcode authentication if biometric authentication fails.                                                                 |                |
-| **`fallbackTitle`**      | <code>string</code>  | Only for iOS. Set the text for the fallback button in the authentication dialog. If this property is not specified, the default text is set by the system. |                |
-| **`maxAttempts`**        | <code>number</code>  | Only for Android. Set a maximum number of attempts for biometric authentication. The maximum allowed by android is 5.                                      | <code>1</code> |
+| Prop              | Type                 | Description                                                                                           |
+| ----------------- | -------------------- | ----------------------------------------------------------------------------------------------------- |
+| **`useFallback`** | <code>boolean</code> | Specifies if should fallback to passcode authentication if biometric authentication is not available. |
-#### GetCredentialOptions
+#### BiometricOptions
-| Prop         | Type                |
-| ------------ | ------------------- |
-| **`server`** | <code>string</code> |
+| Prop                       | Type                        | Description                                                                                                                                                | Default        |
+| -------------------------- | --------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- |
+| **`reason`**               | <code>string</code>         |                                                                                                                                                            |                |
+| **`title`**                | <code>string</code>         |                                                                                                                                                            |                |
+| **`subtitle`**             | <code>string</code>         |                                                                                                                                                            |                |
+| **`description`**          | <code>string</code>         |                                                                                                                                                            |                |
+| **`negativeButtonText`**   | <code>string</code>         |                                                                                                                                                            |                |
+| **`useFallback`**          | <code>boolean</code>        | Specifies if should fallback to passcode authentication if biometric authentication fails.                                                                 |                |
+| **`fallbackTitle`**        | <code>string</code>         | Only for iOS. Set the text for the fallback button in the authentication dialog. If this property is not specified, the default text is set by the system. |                |
+| **`maxAttempts`**          | <code>number</code>         | Only for Android. Set a maximum number of attempts for biometric authentication. The maximum allowed by android is 5.                                      | <code>1</code> |
+| **`allowedBiometryTypes`** | <code>BiometryType[]</code> | Only for Android. Specify which biometry types are allowed for authentication. If not specified, all available types will be allowed.                      |                |
 #### Credentials
@@ -232,6 +220,13 @@ Deletes the stored credentials for a given server.
 | **`password`** | <code>string</code> |
+#### GetCredentialOptions
+| Prop         | Type                |
+| ------------ | ------------------- |
+| **`server`** | <code>string</code> |
 #### SetCredentialOptions
 | Prop           | Type                |
@@ -306,7 +301,7 @@ public class MainActivity extends BridgeActivity {
 ## Contributors
 [Jonthia](https://github.com/jonthia)
-[One Click Web Studio](https://github.com/oneclickwebstudio)
+[QliQ.dev](https://github.com/qliqdev)
 [Brian Weasner](https://github.com/brian-weasner)
 [Mohamed Diarra](https://github.com/mohdiarra)
 ### Want to Contribute?

package/android/build.gradle CHANGED Viewed

@@ -1,8 +1,8 @@
 ext {
     junitVersion = project.hasProperty('junitVersion') ? rootProject.ext.junitVersion : '4.13.2'
-    androidxJunitVersion = project.hasProperty('androidxJunitVersion') ? rootProject.ext.androidxJunitVersion : '1.1.5'
-    androidxEspressoCoreVersion = project.hasProperty('androidxEspressoCoreVersion') ? rootProject.ext.androidxEspressoCoreVersion : '3.5.1'
-    androidxAppCompatVersion = project.hasProperty('androidxAppCompatVersion') ? rootProject.ext.androidxAppCompatVersion : '1.6.1'
+    androidxJunitVersion = project.hasProperty('androidxJunitVersion') ? rootProject.ext.androidxJunitVersion : '1.2.1'
+    androidxEspressoCoreVersion = project.hasProperty('androidxEspressoCoreVersion') ? rootProject.ext.androidxEspressoCoreVersion : '3.6.1'
+    androidxAppCompatVersion = project.hasProperty('androidxAppCompatVersion') ? rootProject.ext.androidxAppCompatVersion : '1.7.0'
 }
 buildscript {
@@ -11,7 +11,7 @@ buildscript {
         mavenCentral()
     }
     dependencies {
-        classpath 'com.android.tools.build:gradle:8.2.1'
+        classpath 'com.android.tools.build:gradle:8.7.2'
     }
 }
@@ -19,10 +19,10 @@ apply plugin: 'com.android.library'
 android {
     namespace "ee.forgr.biometric.capacitornativebiometric"
-    compileSdk project.hasProperty('compileSdkVersion') ? rootProject.ext.compileSdkVersion : 34
+    compileSdk project.hasProperty('compileSdkVersion') ? rootProject.ext.compileSdkVersion : 35
     defaultConfig {
-        minSdkVersion project.hasProperty('minSdkVersion') ? rootProject.ext.minSdkVersion : 22
-        targetSdkVersion project.hasProperty('targetSdkVersion') ? rootProject.ext.targetSdkVersion : 34
+        minSdkVersion project.hasProperty('minSdkVersion') ? rootProject.ext.minSdkVersion : 23
+        targetSdkVersion project.hasProperty('targetSdkVersion') ? rootProject.ext.targetSdkVersion : 35
         versionCode 1
         versionName "1.0"
         testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"

package/android/gradle/wrapper/gradle-wrapper.jar CHANGED Viewed

Binary file

package/android/gradle/wrapper/gradle-wrapper.properties CHANGED Viewed

@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.2.1-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.11.1-all.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

package/android/gradlew CHANGED Viewed

@@ -15,6 +15,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+# SPDX-License-Identifier: Apache-2.0
+#
 ##############################################################################
 #
@@ -55,7 +57,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -83,7 +85,9 @@ done
 # This is normally unused
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
-APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
+# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
+' "$PWD" ) || exit
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -144,7 +148,7 @@ if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
     case $MAX_FD in #(
       max*)
         # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
-        # shellcheck disable=SC3045
+        # shellcheck disable=SC2039,SC3045
         MAX_FD=$( ulimit -H -n ) ||
             warn "Could not query maximum file descriptor limit"
     esac
@@ -152,7 +156,7 @@ if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
       '' | soft) :;; #(
       *)
         # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
-        # shellcheck disable=SC3045
+        # shellcheck disable=SC2039,SC3045
         ulimit -n "$MAX_FD" ||
             warn "Could not set maximum file descriptor limit to $MAX_FD"
     esac
@@ -201,11 +205,11 @@ fi
 # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
 DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
-# Collect all arguments for the java command;
-#   * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
-#     shell script including quotes and variable substitutions, so put them in
-#     double quotes to make sure that they get re-expanded; and
-#   * put everything else in single quotes, so that it's not re-expanded.
+# Collect all arguments for the java command:
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#     and any embedded shellness will be escaped.
+#   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
+#     treated as '${Hostname}' itself on the command line.
 set -- \
         "-Dorg.gradle.appname=$APP_BASE_NAME" \

package/android/gradlew.bat CHANGED Viewed

@@ -13,6 +13,8 @@
 @rem See the License for the specific language governing permissions and
 @rem limitations under the License.
 @rem
+@rem SPDX-License-Identifier: Apache-2.0
+@rem
 @if "%DEBUG%"=="" @echo off
 @rem ##########################################################################
@@ -43,11 +45,11 @@ set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
 if %ERRORLEVEL% equ 0 goto execute
-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 goto fail
@@ -57,11 +59,11 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe
 if exist "%JAVA_EXE%" goto execute
-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 goto fail

package/android/src/main/java/ee/forgr/biometric/AuthActivity.java CHANGED Viewed

@@ -6,13 +6,14 @@ import android.os.Bundle;
 import android.os.Handler;
 import androidx.annotation.NonNull;
 import androidx.appcompat.app.AppCompatActivity;
+import androidx.biometric.BiometricManager;
 import androidx.biometric.BiometricPrompt;
 import ee.forgr.biometric.capacitornativebiometric.R;
+import java.util.Objects;
 import java.util.concurrent.Executor;
 public class AuthActivity extends AppCompatActivity {
-  private Executor executor;
   private int maxAttempts;
   private int counter = 0;
@@ -23,6 +24,7 @@ public class AuthActivity extends AppCompatActivity {
     maxAttempts = getIntent().getIntExtra("maxAttempts", 1);
+    Executor executor;
     if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
       executor = this.getMainExecutor();
     } else {
@@ -38,7 +40,7 @@ public class AuthActivity extends AppCompatActivity {
       new BiometricPrompt.PromptInfo.Builder()
         .setTitle(
           getIntent().hasExtra("title")
-            ? getIntent().getStringExtra("title")
+            ? Objects.requireNonNull(getIntent().getStringExtra("title"))
             : "Authenticate"
         )
         .setSubtitle(
@@ -53,18 +55,30 @@ public class AuthActivity extends AppCompatActivity {
         );
     boolean useFallback = getIntent().getBooleanExtra("useFallback", false);
+    int[] allowedTypes = getIntent().getIntArrayExtra("allowedBiometryTypes");
-    if (useFallback) {
-      // TODO: Deprecated function, probably want to migrate to `setAllowedAuthenticators`
-      builder.setDeviceCredentialAllowed(true);
+    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
+      int authenticators = BiometricManager.Authenticators.BIOMETRIC_STRONG;
+      if (useFallback) {
+        authenticators |= BiometricManager.Authenticators.DEVICE_CREDENTIAL;
+      }
+      if (allowedTypes != null) {
+        // Filter authenticators based on allowed types
+        authenticators = getAllowedAuthenticators(allowedTypes);
+      }
+      builder.setAllowedAuthenticators(authenticators);
     } else {
-      // Note that this option is incompatible with device credential authentication and must NOT be set if the latter is enabled via `setAllowedAuthenticators` or `setDeviceCredentialAllowed`.
-      // @see https://developer.android.com/reference/androidx/biometric/BiometricPrompt.PromptInfo.Builder#setNegativeButtonText(java.lang.CharSequence)
-      builder.setNegativeButtonText(
-        getIntent().hasExtra("negativeButtonText")
-          ? getIntent().getStringExtra("negativeButtonText")
-          : "Cancel"
-      );
+      if (useFallback) {
+        builder.setDeviceCredentialAllowed(true);
+      } else {
+        builder.setNegativeButtonText(
+          getIntent().hasExtra("negativeButtonText")
+            ? Objects.requireNonNull(
+              getIntent().getStringExtra("negativeButtonText")
+            )
+            : "Cancel"
+        );
+      }
     }
     BiometricPrompt.PromptInfo promptInfo = builder.build();
@@ -90,7 +104,7 @@ public class AuthActivity extends AppCompatActivity {
           @NonNull BiometricPrompt.AuthenticationResult result
         ) {
           super.onAuthenticationSucceeded(result);
-          finishActivity("success");
+          finishActivity();
         }
         @Override
@@ -109,8 +123,8 @@ public class AuthActivity extends AppCompatActivity {
     biometricPrompt.authenticate(promptInfo);
   }
-  void finishActivity(String result) {
-    finishActivity(result, null, null);
+  void finishActivity() {
+    finishActivity("success", null, null);
   }
   void finishActivity(String result, Integer errorCode, String errorDetails) {
@@ -158,4 +172,24 @@ public class AuthActivity extends AppCompatActivity {
         return 0;
     }
   }
+  private int getAllowedAuthenticators(int[] allowedTypes) {
+    int authenticators = 0;
+    for (int type : allowedTypes) {
+      switch (type) {
+        case 3: // FINGERPRINT
+          authenticators |= BiometricManager.Authenticators.BIOMETRIC_STRONG;
+          break;
+        case 4: // FACE_AUTHENTICATION
+          authenticators |= BiometricManager.Authenticators.BIOMETRIC_STRONG;
+          break;
+        case 5: // IRIS_AUTHENTICATION
+          authenticators |= BiometricManager.Authenticators.BIOMETRIC_STRONG;
+          break;
+      }
+    }
+    return authenticators > 0
+      ? authenticators
+      : BiometricManager.Authenticators.BIOMETRIC_STRONG;
+  }
 }

package/android/src/main/java/ee/forgr/biometric/NativeBiometric.java CHANGED Viewed

@@ -15,6 +15,7 @@ import android.security.keystore.StrongBoxUnavailableException;
 import android.util.Base64;
 import androidx.activity.result.ActivityResult;
 import androidx.biometric.BiometricManager;
+import com.getcapacitor.JSArray;
 import com.getcapacitor.JSObject;
 import com.getcapacitor.Plugin;
 import com.getcapacitor.PluginCall;
@@ -24,6 +25,7 @@ import com.getcapacitor.annotation.CapacitorPlugin;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.nio.charset.StandardCharsets;
 import java.security.GeneralSecurityException;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
@@ -37,6 +39,7 @@ import java.security.SecureRandom;
 import java.security.UnrecoverableEntryException;
 import java.security.cert.CertificateException;
 import java.util.ArrayList;
+import java.util.Objects;
 import javax.crypto.Cipher;
 import javax.crypto.CipherInputStream;
 import javax.crypto.CipherOutputStream;
@@ -44,6 +47,7 @@ import javax.crypto.KeyGenerator;
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.spec.GCMParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
+import org.json.JSONException;
 @CapacitorPlugin(name = "NativeBiometric")
 public class NativeBiometric extends Plugin {
@@ -144,7 +148,7 @@ public class NativeBiometric extends Plugin {
   }
   @PluginMethod
-  public void verifyIdentity(final PluginCall call) {
+  public void verifyIdentity(final PluginCall call) throws JSONException {
     Intent intent = new Intent(getContext(), AuthActivity.class);
     intent.putExtra("title", call.getString("title", "Authenticate"));
@@ -168,6 +172,16 @@ public class NativeBiometric extends Plugin {
       intent.putExtra("maxAttempts", call.getInt("maxAttempts"));
     }
+    // Pass allowed biometry types
+    JSArray allowedTypes = call.getArray("allowedBiometryTypes");
+    if (allowedTypes != null) {
+      int[] types = new int[allowedTypes.length()];
+      for (int i = 0; i < allowedTypes.length(); i++) {
+        types[i] = (int) allowedTypes.toList().get(i);
+      }
+      intent.putExtra("allowedBiometryTypes", types);
+    }
     boolean useFallback = Boolean.TRUE.equals(
       call.getBoolean("useFallback", false)
     );
@@ -255,7 +269,7 @@ public class NativeBiometric extends Plugin {
     if (result.getResultCode() == Activity.RESULT_OK) {
       Intent data = result.getData();
       if (data != null && data.hasExtra("result")) {
-        switch (data.getStringExtra("result")) {
+        switch (Objects.requireNonNull(data.getStringExtra("result"))) {
           case "success":
             call.resolve();
             break;
@@ -309,18 +323,15 @@ public class NativeBiometric extends Plugin {
   private String encryptString(String stringToEncrypt, String KEY_ALIAS)
     throws GeneralSecurityException, IOException {
     Cipher cipher;
-    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-      cipher = Cipher.getInstance(TRANSFORMATION);
-      cipher.init(
-        Cipher.ENCRYPT_MODE,
-        getKey(KEY_ALIAS),
-        new GCMParameterSpec(128, FIXED_IV)
-      );
-    } else {
-      cipher = Cipher.getInstance(AES_MODE, "BC");
-      cipher.init(Cipher.ENCRYPT_MODE, getKey(KEY_ALIAS));
-    }
-    byte[] encodedBytes = cipher.doFinal(stringToEncrypt.getBytes("UTF-8"));
+    cipher = Cipher.getInstance(TRANSFORMATION);
+    cipher.init(
+      Cipher.ENCRYPT_MODE,
+      getKey(KEY_ALIAS),
+      new GCMParameterSpec(128, FIXED_IV)
+    );
+    byte[] encodedBytes = cipher.doFinal(
+      stringToEncrypt.getBytes(StandardCharsets.UTF_8)
+    );
     return Base64.encodeToString(encodedBytes, Base64.DEFAULT);
   }
@@ -329,19 +340,14 @@ public class NativeBiometric extends Plugin {
     byte[] encryptedData = Base64.decode(stringToDecrypt, Base64.DEFAULT);
     Cipher cipher;
-    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-      cipher = Cipher.getInstance(TRANSFORMATION);
-      cipher.init(
-        Cipher.DECRYPT_MODE,
-        getKey(KEY_ALIAS),
-        new GCMParameterSpec(128, FIXED_IV)
-      );
-    } else {
-      cipher = Cipher.getInstance(AES_MODE, "BC");
-      cipher.init(Cipher.DECRYPT_MODE, getKey(KEY_ALIAS));
-    }
+    cipher = Cipher.getInstance(TRANSFORMATION);
+    cipher.init(
+      Cipher.DECRYPT_MODE,
+      getKey(KEY_ALIAS),
+      new GCMParameterSpec(128, FIXED_IV)
+    );
     byte[] decryptedData = cipher.doFinal(encryptedData);
-    return new String(decryptedData, "UTF-8");
+    return new String(decryptedData, StandardCharsets.UTF_8);
   }
   @SuppressLint("NewAPI") // API level is already checked
@@ -358,30 +364,31 @@ public class NativeBiometric extends Plugin {
   private Key generateKey(String KEY_ALIAS, boolean isStrongBoxBacked)
     throws GeneralSecurityException, IOException, StrongBoxUnavailableException {
-    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-      KeyGenerator generator = KeyGenerator.getInstance(
-        KeyProperties.KEY_ALGORITHM_AES,
-        ANDROID_KEY_STORE
-      );
-      KeyGenParameterSpec.Builder paramBuilder =
-        new KeyGenParameterSpec.Builder(
-          KEY_ALIAS,
-          KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT
-        )
-          .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
-          .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
-          .setRandomizedEncryptionRequired(false);
-      if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
+    KeyGenerator generator = KeyGenerator.getInstance(
+      KeyProperties.KEY_ALGORITHM_AES,
+      ANDROID_KEY_STORE
+    );
+    KeyGenParameterSpec.Builder paramBuilder = new KeyGenParameterSpec.Builder(
+      KEY_ALIAS,
+      KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT
+    )
+      .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
+      .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
+      .setRandomizedEncryptionRequired(false);
+    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
+      if (
+        Build.VERSION.SDK_INT < Build.VERSION_CODES.S ||
+        Build.VERSION.SDK_INT > 34
+      ) {
+        // Avoiding setUnlockedDeviceRequired(true) due to known issues on Android 12-14
         paramBuilder.setUnlockedDeviceRequired(true);
-        paramBuilder.setIsStrongBoxBacked(isStrongBoxBacked);
       }
-      generator.init(paramBuilder.build());
-      return generator.generateKey();
-    } else {
-      return getAESKey(KEY_ALIAS);
+      paramBuilder.setIsStrongBoxBacked(isStrongBoxBacked);
     }
+    generator.init(paramBuilder.build());
+    return generator.generateKey();
   }
   private Key getKey(String KEY_ALIAS)
@@ -485,7 +492,7 @@ public class NativeBiometric extends Plugin {
     byte[] bytes = new byte[values.size()];
     for (int i = 0; i < bytes.length; i++) {
-      bytes[i] = values.get(i).byteValue();
+      bytes[i] = values.get(i);
     }
     return bytes;
   }
@@ -494,10 +501,6 @@ public class NativeBiometric extends Plugin {
     KeyguardManager keyguardManager = (KeyguardManager) getActivity()
       .getSystemService(Context.KEYGUARD_SERVICE);
     // Can only use fallback if the device has a pin/pattern/password lockscreen.
-    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-      return keyguardManager.isDeviceSecure();
-    } else {
-      return keyguardManager.isKeyguardSecure();
-    }
+    return keyguardManager.isDeviceSecure();
   }
 }