@capgo/capacitor-native-biometric 6.0.4 → 7.1.2

package/CapgoCapacitorNativeBiometric.podspec

@@ -8,6 +8,6 @@
     s.author = 'Martin Donadieu'
     s.source = { :git => 'https://github.com/Cap-go/capacitor-native-biometric', :tag => s.version.to_s }
     s.source_files = 'ios/Plugin/**/*.{swift,h,m,c,cc,mm,cpp}'
-    s.ios.deployment_target  = '13.0'
+    s.ios.deployment_target = '14.0'
     s.dependency 'Capacitor'
   end

package/README.md

@@ -92,7 +92,7 @@ This is a plugin specific list of error codes that can be thrown on verifyIdenti
 ### isAvailable(...)
 
 ```typescript
-isAvailable(options?: IsAvailableOptions | undefined) => any
+isAvailable(options?: IsAvailableOptions | undefined) => Promise<AvailableResult>
 ```
 
 Checks if biometric authentication hardware is available.
@@ -101,7 +101,7 @@ Checks if biometric authentication hardware is available.
 | ------------- | ----------------------------------------------------------------- |
 | **`options`** | <code><a href="#isavailableoptions">IsAvailableOptions</a></code> |
 
-**Returns:** <code>any</code>
+**Returns:** <code>Promise&lt;<a href="#availableresult">AvailableResult</a>&gt;</code>
 
 **Since:** 1.0.0
 
@@ -111,7 +111,7 @@ Checks if biometric authentication hardware is available.
 ### verifyIdentity(...)
 
 ```typescript
-verifyIdentity(options?: BiometricOptions | undefined) => any
+verifyIdentity(options?: BiometricOptions | undefined) => Promise<void>
 ```
 
 Prompts the user to authenticate with biometrics.
@@ -120,8 +120,6 @@ Prompts the user to authenticate with biometrics.
 | ------------- | ------------------------------------------------------------- |
 | **`options`** | <code><a href="#biometricoptions">BiometricOptions</a></code> |
 
-**Returns:** <code>any</code>
-
 **Since:** 1.0.0
 
 --------------------
@@ -130,7 +128,7 @@ Prompts the user to authenticate with biometrics.
 ### getCredentials(...)
 
 ```typescript
-getCredentials(options: GetCredentialOptions) => any
+getCredentials(options: GetCredentialOptions) => Promise<Credentials>
 ```
 
 Gets the stored credentials for a given server.
@@ -139,7 +137,7 @@ Gets the stored credentials for a given server.
 | ------------- | --------------------------------------------------------------------- |
 | **`options`** | <code><a href="#getcredentialoptions">GetCredentialOptions</a></code> |
 
-**Returns:** <code>any</code>
+**Returns:** <code>Promise&lt;<a href="#credentials">Credentials</a>&gt;</code>
 
 **Since:** 1.0.0
 
@@ -149,7 +147,7 @@ Gets the stored credentials for a given server.
 ### setCredentials(...)
 
 ```typescript
-setCredentials(options: SetCredentialOptions) => any
+setCredentials(options: SetCredentialOptions) => Promise<void>
 ```
 
 Stores the given credentials for a given server.
@@ -158,8 +156,6 @@ Stores the given credentials for a given server.
 | ------------- | --------------------------------------------------------------------- |
 | **`options`** | <code><a href="#setcredentialoptions">SetCredentialOptions</a></code> |
 
-**Returns:** <code>any</code>
-
 **Since:** 1.0.0
 
 --------------------
@@ -168,7 +164,7 @@ Stores the given credentials for a given server.
 ### deleteCredentials(...)
 
 ```typescript
-deleteCredentials(options: DeleteCredentialOptions) => any
+deleteCredentials(options: DeleteCredentialOptions) => Promise<void>
 ```
 
 Deletes the stored credentials for a given server.
@@ -177,8 +173,6 @@ Deletes the stored credentials for a given server.
 | ------------- | --------------------------------------------------------------------------- |
 | **`options`** | <code><a href="#deletecredentialoptions">DeleteCredentialOptions</a></code> |
 
-**Returns:** <code>any</code>
-
 **Since:** 1.0.0
 
 --------------------
@@ -187,13 +181,6 @@ Deletes the stored credentials for a given server.
 ### Interfaces
 
 
-#### IsAvailableOptions
-
-| Prop              | Type                 | Description                                                                                           |
-| ----------------- | -------------------- | ----------------------------------------------------------------------------------------------------- |
-| **`useFallback`** | <code>boolean</code> | Specifies if should fallback to passcode authentication if biometric authentication is not available. |
-
-
 #### AvailableResult
 
 | Prop               | Type                                                  |
@@ -203,25 +190,26 @@ Deletes the stored credentials for a given server.
 | **`errorCode`**    | <code>number</code>                                   |
 
 
-#### BiometricOptions
+#### IsAvailableOptions
 
-| Prop                     | Type                 | Description                                                                                                                                                | Default        |
-| ------------------------ | -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- |
-| **`reason`**             | <code>string</code>  |                                                                                                                                                            |                |
-| **`title`**              | <code>string</code>  |                                                                                                                                                            |                |
-| **`subtitle`**           | <code>string</code>  |                                                                                                                                                            |                |
-| **`description`**        | <code>string</code>  |                                                                                                                                                            |                |
-| **`negativeButtonText`** | <code>string</code>  |                                                                                                                                                            |                |
-| **`useFallback`**        | <code>boolean</code> | Specifies if should fallback to passcode authentication if biometric authentication fails.                                                                 |                |
-| **`fallbackTitle`**      | <code>string</code>  | Only for iOS. Set the text for the fallback button in the authentication dialog. If this property is not specified, the default text is set by the system. |                |
-| **`maxAttempts`**        | <code>number</code>  | Only for Android. Set a maximum number of attempts for biometric authentication. The maximum allowed by android is 5.                                      | <code>1</code> |
+| Prop              | Type                 | Description                                                                                           |
+| ----------------- | -------------------- | ----------------------------------------------------------------------------------------------------- |
+| **`useFallback`** | <code>boolean</code> | Specifies if should fallback to passcode authentication if biometric authentication is not available. |
 
 
-#### GetCredentialOptions
+#### BiometricOptions
 
-| Prop         | Type                |
-| ------------ | ------------------- |
-| **`server`** | <code>string</code> |
+| Prop                       | Type                        | Description                                                                                                                                                | Default        |
+| -------------------------- | --------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- |
+| **`reason`**               | <code>string</code>         |                                                                                                                                                            |                |
+| **`title`**                | <code>string</code>         |                                                                                                                                                            |                |
+| **`subtitle`**             | <code>string</code>         |                                                                                                                                                            |                |
+| **`description`**          | <code>string</code>         |                                                                                                                                                            |                |
+| **`negativeButtonText`**   | <code>string</code>         |                                                                                                                                                            |                |
+| **`useFallback`**          | <code>boolean</code>        | Specifies if should fallback to passcode authentication if biometric authentication fails.                                                                 |                |
+| **`fallbackTitle`**        | <code>string</code>         | Only for iOS. Set the text for the fallback button in the authentication dialog. If this property is not specified, the default text is set by the system. |                |
+| **`maxAttempts`**          | <code>number</code>         | Only for Android. Set a maximum number of attempts for biometric authentication. The maximum allowed by android is 5.                                      | <code>1</code> |
+| **`allowedBiometryTypes`** | <code>BiometryType[]</code> | Only for Android. Specify which biometry types are allowed for authentication. If not specified, all available types will be allowed.                      |                |
 
 
 #### Credentials
@@ -232,6 +220,13 @@ Deletes the stored credentials for a given server.
 | **`password`** | <code>string</code> |
 
 
+#### GetCredentialOptions
+
+| Prop         | Type                |
+| ------------ | ------------------- |
+| **`server`** | <code>string</code> |
+
+
 #### SetCredentialOptions
 
 | Prop           | Type                |

package/android/build.gradle

@@ -1,8 +1,8 @@
 ext {
     junitVersion = project.hasProperty('junitVersion') ? rootProject.ext.junitVersion : '4.13.2'
-    androidxJunitVersion = project.hasProperty('androidxJunitVersion') ? rootProject.ext.androidxJunitVersion : '1.1.5'
-    androidxEspressoCoreVersion = project.hasProperty('androidxEspressoCoreVersion') ? rootProject.ext.androidxEspressoCoreVersion : '3.5.1'
-    androidxAppCompatVersion = project.hasProperty('androidxAppCompatVersion') ? rootProject.ext.androidxAppCompatVersion : '1.6.1'
+    androidxJunitVersion = project.hasProperty('androidxJunitVersion') ? rootProject.ext.androidxJunitVersion : '1.2.1'
+    androidxEspressoCoreVersion = project.hasProperty('androidxEspressoCoreVersion') ? rootProject.ext.androidxEspressoCoreVersion : '3.6.1'
+    androidxAppCompatVersion = project.hasProperty('androidxAppCompatVersion') ? rootProject.ext.androidxAppCompatVersion : '1.7.0'
 }
 
 buildscript {
@@ -11,7 +11,7 @@ buildscript {
         mavenCentral()
     }
     dependencies {
-        classpath 'com.android.tools.build:gradle:8.2.1'
+        classpath 'com.android.tools.build:gradle:8.7.2'
     }
 }
 
@@ -19,10 +19,10 @@ apply plugin: 'com.android.library'
 
 android {
     namespace "ee.forgr.biometric.capacitornativebiometric"
-    compileSdk project.hasProperty('compileSdkVersion') ? rootProject.ext.compileSdkVersion : 34
+    compileSdk project.hasProperty('compileSdkVersion') ? rootProject.ext.compileSdkVersion : 35
     defaultConfig {
-        minSdkVersion project.hasProperty('minSdkVersion') ? rootProject.ext.minSdkVersion : 22
-        targetSdkVersion project.hasProperty('targetSdkVersion') ? rootProject.ext.targetSdkVersion : 34
+        minSdkVersion project.hasProperty('minSdkVersion') ? rootProject.ext.minSdkVersion : 23
+        targetSdkVersion project.hasProperty('targetSdkVersion') ? rootProject.ext.targetSdkVersion : 35
         versionCode 1
         versionName "1.0"
         testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"

package/android/gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.2.1-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.11.1-all.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

package/android/gradlew

@@ -15,6 +15,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+# SPDX-License-Identifier: Apache-2.0
+#
 
 ##############################################################################
 #
@@ -55,7 +57,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -83,7 +85,9 @@ done
 # This is normally unused
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
-APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
+# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
+' "$PWD" ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -144,7 +148,7 @@ if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
     case $MAX_FD in #(
       max*)
         # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
-        # shellcheck disable=SC3045
+        # shellcheck disable=SC2039,SC3045
         MAX_FD=$( ulimit -H -n ) ||
             warn "Could not query maximum file descriptor limit"
     esac
@@ -152,7 +156,7 @@ if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
       '' | soft) :;; #(
       *)
         # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
-        # shellcheck disable=SC3045
+        # shellcheck disable=SC2039,SC3045
         ulimit -n "$MAX_FD" ||
             warn "Could not set maximum file descriptor limit to $MAX_FD"
     esac
@@ -201,11 +205,11 @@ fi
 # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
 DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 
-# Collect all arguments for the java command;
-#   * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
-#     shell script including quotes and variable substitutions, so put them in
-#     double quotes to make sure that they get re-expanded; and
-#   * put everything else in single quotes, so that it's not re-expanded.
+# Collect all arguments for the java command:
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#     and any embedded shellness will be escaped.
+#   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
+#     treated as '${Hostname}' itself on the command line.
 
 set -- \
         "-Dorg.gradle.appname=$APP_BASE_NAME" \

package/android/gradlew.bat

@@ -13,6 +13,8 @@
 @rem See the License for the specific language governing permissions and
 @rem limitations under the License.
 @rem
+@rem SPDX-License-Identifier: Apache-2.0
+@rem
 
 @if "%DEBUG%"=="" @echo off
 @rem ##########################################################################
@@ -43,11 +45,11 @@ set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
 if %ERRORLEVEL% equ 0 goto execute
 
-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 
@@ -57,11 +59,11 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe
 
 if exist "%JAVA_EXE%" goto execute
 
-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 

package/android/src/main/java/ee/forgr/biometric/AuthActivity.java

@@ -6,13 +6,14 @@ import android.os.Bundle;
 import android.os.Handler;
 import androidx.annotation.NonNull;
 import androidx.appcompat.app.AppCompatActivity;
+import androidx.biometric.BiometricManager;
 import androidx.biometric.BiometricPrompt;
 import ee.forgr.biometric.capacitornativebiometric.R;
+import java.util.Objects;
 import java.util.concurrent.Executor;
 
 public class AuthActivity extends AppCompatActivity {
 
-  private Executor executor;
   private int maxAttempts;
   private int counter = 0;
 
@@ -23,6 +24,7 @@ public class AuthActivity extends AppCompatActivity {
 
     maxAttempts = getIntent().getIntExtra("maxAttempts", 1);
 
+    Executor executor;
     if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
       executor = this.getMainExecutor();
     } else {
@@ -38,7 +40,7 @@ public class AuthActivity extends AppCompatActivity {
       new BiometricPrompt.PromptInfo.Builder()
         .setTitle(
           getIntent().hasExtra("title")
-            ? getIntent().getStringExtra("title")
+            ? Objects.requireNonNull(getIntent().getStringExtra("title"))
             : "Authenticate"
         )
         .setSubtitle(
@@ -53,18 +55,30 @@ public class AuthActivity extends AppCompatActivity {
         );
 
     boolean useFallback = getIntent().getBooleanExtra("useFallback", false);
+    int[] allowedTypes = getIntent().getIntArrayExtra("allowedBiometryTypes");
 
-    if (useFallback) {
-      // TODO: Deprecated function, probably want to migrate to `setAllowedAuthenticators`
-      builder.setDeviceCredentialAllowed(true);
+    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
+      int authenticators = BiometricManager.Authenticators.BIOMETRIC_STRONG;
+      if (useFallback) {
+        authenticators |= BiometricManager.Authenticators.DEVICE_CREDENTIAL;
+      }
+      if (allowedTypes != null) {
+        // Filter authenticators based on allowed types
+        authenticators = getAllowedAuthenticators(allowedTypes);
+      }
+      builder.setAllowedAuthenticators(authenticators);
     } else {
-      // Note that this option is incompatible with device credential authentication and must NOT be set if the latter is enabled via `setAllowedAuthenticators` or `setDeviceCredentialAllowed`.
-      // @see https://developer.android.com/reference/androidx/biometric/BiometricPrompt.PromptInfo.Builder#setNegativeButtonText(java.lang.CharSequence)
-      builder.setNegativeButtonText(
-        getIntent().hasExtra("negativeButtonText")
-          ? getIntent().getStringExtra("negativeButtonText")
-          : "Cancel"
-      );
+      if (useFallback) {
+        builder.setDeviceCredentialAllowed(true);
+      } else {
+        builder.setNegativeButtonText(
+          getIntent().hasExtra("negativeButtonText")
+            ? Objects.requireNonNull(
+              getIntent().getStringExtra("negativeButtonText")
+            )
+            : "Cancel"
+        );
+      }
     }
 
     BiometricPrompt.PromptInfo promptInfo = builder.build();
@@ -90,7 +104,7 @@ public class AuthActivity extends AppCompatActivity {
           @NonNull BiometricPrompt.AuthenticationResult result
         ) {
           super.onAuthenticationSucceeded(result);
-          finishActivity("success");
+          finishActivity();
         }
 
         @Override
@@ -109,8 +123,8 @@ public class AuthActivity extends AppCompatActivity {
     biometricPrompt.authenticate(promptInfo);
   }
 
-  void finishActivity(String result) {
-    finishActivity(result, null, null);
+  void finishActivity() {
+    finishActivity("success", null, null);
   }
 
   void finishActivity(String result, Integer errorCode, String errorDetails) {
@@ -158,4 +172,24 @@ public class AuthActivity extends AppCompatActivity {
         return 0;
     }
   }
+
+  private int getAllowedAuthenticators(int[] allowedTypes) {
+    int authenticators = 0;
+    for (int type : allowedTypes) {
+      switch (type) {
+        case 3: // FINGERPRINT
+          authenticators |= BiometricManager.Authenticators.BIOMETRIC_STRONG;
+          break;
+        case 4: // FACE_AUTHENTICATION
+          authenticators |= BiometricManager.Authenticators.BIOMETRIC_STRONG;
+          break;
+        case 5: // IRIS_AUTHENTICATION
+          authenticators |= BiometricManager.Authenticators.BIOMETRIC_STRONG;
+          break;
+      }
+    }
+    return authenticators > 0
+      ? authenticators
+      : BiometricManager.Authenticators.BIOMETRIC_STRONG;
+  }
 }

package/android/src/main/java/ee/forgr/biometric/NativeBiometric.java

@@ -15,6 +15,7 @@ import android.security.keystore.StrongBoxUnavailableException;
 import android.util.Base64;
 import androidx.activity.result.ActivityResult;
 import androidx.biometric.BiometricManager;
+import com.getcapacitor.JSArray;
 import com.getcapacitor.JSObject;
 import com.getcapacitor.Plugin;
 import com.getcapacitor.PluginCall;
@@ -24,6 +25,7 @@ import com.getcapacitor.annotation.CapacitorPlugin;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.nio.charset.StandardCharsets;
 import java.security.GeneralSecurityException;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
@@ -37,6 +39,7 @@ import java.security.SecureRandom;
 import java.security.UnrecoverableEntryException;
 import java.security.cert.CertificateException;
 import java.util.ArrayList;
+import java.util.Objects;
 import javax.crypto.Cipher;
 import javax.crypto.CipherInputStream;
 import javax.crypto.CipherOutputStream;
@@ -44,6 +47,7 @@ import javax.crypto.KeyGenerator;
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.spec.GCMParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
+import org.json.JSONException;
 
 @CapacitorPlugin(name = "NativeBiometric")
 public class NativeBiometric extends Plugin {
@@ -144,7 +148,7 @@ public class NativeBiometric extends Plugin {
   }
 
   @PluginMethod
-  public void verifyIdentity(final PluginCall call) {
+  public void verifyIdentity(final PluginCall call) throws JSONException {
     Intent intent = new Intent(getContext(), AuthActivity.class);
 
     intent.putExtra("title", call.getString("title", "Authenticate"));
@@ -168,6 +172,16 @@ public class NativeBiometric extends Plugin {
       intent.putExtra("maxAttempts", call.getInt("maxAttempts"));
     }
 
+    // Pass allowed biometry types
+    JSArray allowedTypes = call.getArray("allowedBiometryTypes");
+    if (allowedTypes != null) {
+      int[] types = new int[allowedTypes.length()];
+      for (int i = 0; i < allowedTypes.length(); i++) {
+        types[i] = (int) allowedTypes.toList().get(i);
+      }
+      intent.putExtra("allowedBiometryTypes", types);
+    }
+
     boolean useFallback = Boolean.TRUE.equals(
       call.getBoolean("useFallback", false)
     );
@@ -255,7 +269,7 @@ public class NativeBiometric extends Plugin {
     if (result.getResultCode() == Activity.RESULT_OK) {
       Intent data = result.getData();
       if (data != null && data.hasExtra("result")) {
-        switch (data.getStringExtra("result")) {
+        switch (Objects.requireNonNull(data.getStringExtra("result"))) {
           case "success":
             call.resolve();
             break;
@@ -309,18 +323,15 @@ public class NativeBiometric extends Plugin {
   private String encryptString(String stringToEncrypt, String KEY_ALIAS)
     throws GeneralSecurityException, IOException {
     Cipher cipher;
-    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-      cipher = Cipher.getInstance(TRANSFORMATION);
-      cipher.init(
-        Cipher.ENCRYPT_MODE,
-        getKey(KEY_ALIAS),
-        new GCMParameterSpec(128, FIXED_IV)
-      );
-    } else {
-      cipher = Cipher.getInstance(AES_MODE, "BC");
-      cipher.init(Cipher.ENCRYPT_MODE, getKey(KEY_ALIAS));
-    }
-    byte[] encodedBytes = cipher.doFinal(stringToEncrypt.getBytes("UTF-8"));
+    cipher = Cipher.getInstance(TRANSFORMATION);
+    cipher.init(
+      Cipher.ENCRYPT_MODE,
+      getKey(KEY_ALIAS),
+      new GCMParameterSpec(128, FIXED_IV)
+    );
+    byte[] encodedBytes = cipher.doFinal(
+      stringToEncrypt.getBytes(StandardCharsets.UTF_8)
+    );
     return Base64.encodeToString(encodedBytes, Base64.DEFAULT);
   }
 
@@ -329,19 +340,14 @@ public class NativeBiometric extends Plugin {
     byte[] encryptedData = Base64.decode(stringToDecrypt, Base64.DEFAULT);
 
     Cipher cipher;
-    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-      cipher = Cipher.getInstance(TRANSFORMATION);
-      cipher.init(
-        Cipher.DECRYPT_MODE,
-        getKey(KEY_ALIAS),
-        new GCMParameterSpec(128, FIXED_IV)
-      );
-    } else {
-      cipher = Cipher.getInstance(AES_MODE, "BC");
-      cipher.init(Cipher.DECRYPT_MODE, getKey(KEY_ALIAS));
-    }
+    cipher = Cipher.getInstance(TRANSFORMATION);
+    cipher.init(
+      Cipher.DECRYPT_MODE,
+      getKey(KEY_ALIAS),
+      new GCMParameterSpec(128, FIXED_IV)
+    );
     byte[] decryptedData = cipher.doFinal(encryptedData);
-    return new String(decryptedData, "UTF-8");
+    return new String(decryptedData, StandardCharsets.UTF_8);
   }
 
   @SuppressLint("NewAPI") // API level is already checked
@@ -358,30 +364,31 @@ public class NativeBiometric extends Plugin {
 
   private Key generateKey(String KEY_ALIAS, boolean isStrongBoxBacked)
     throws GeneralSecurityException, IOException, StrongBoxUnavailableException {
-    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-      KeyGenerator generator = KeyGenerator.getInstance(
-        KeyProperties.KEY_ALGORITHM_AES,
-        ANDROID_KEY_STORE
-      );
-      KeyGenParameterSpec.Builder paramBuilder =
-        new KeyGenParameterSpec.Builder(
-          KEY_ALIAS,
-          KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT
-        )
-          .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
-          .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
-          .setRandomizedEncryptionRequired(false);
-
-      if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
+    KeyGenerator generator = KeyGenerator.getInstance(
+      KeyProperties.KEY_ALGORITHM_AES,
+      ANDROID_KEY_STORE
+    );
+    KeyGenParameterSpec.Builder paramBuilder = new KeyGenParameterSpec.Builder(
+      KEY_ALIAS,
+      KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT
+    )
+      .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
+      .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
+      .setRandomizedEncryptionRequired(false);
+
+    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
+      if (
+        Build.VERSION.SDK_INT < Build.VERSION_CODES.S ||
+        Build.VERSION.SDK_INT > 34
+      ) {
+        // Avoiding setUnlockedDeviceRequired(true) due to known issues on Android 12-14
         paramBuilder.setUnlockedDeviceRequired(true);
-        paramBuilder.setIsStrongBoxBacked(isStrongBoxBacked);
       }
-
-      generator.init(paramBuilder.build());
-      return generator.generateKey();
-    } else {
-      return getAESKey(KEY_ALIAS);
+      paramBuilder.setIsStrongBoxBacked(isStrongBoxBacked);
     }
+
+    generator.init(paramBuilder.build());
+    return generator.generateKey();
   }
 
   private Key getKey(String KEY_ALIAS)
@@ -485,7 +492,7 @@ public class NativeBiometric extends Plugin {
 
     byte[] bytes = new byte[values.size()];
     for (int i = 0; i < bytes.length; i++) {
-      bytes[i] = values.get(i).byteValue();
+      bytes[i] = values.get(i);
     }
     return bytes;
   }
@@ -494,10 +501,6 @@ public class NativeBiometric extends Plugin {
     KeyguardManager keyguardManager = (KeyguardManager) getActivity()
       .getSystemService(Context.KEYGUARD_SERVICE);
     // Can only use fallback if the device has a pin/pattern/password lockscreen.
-    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-      return keyguardManager.isDeviceSecure();
-    } else {
-      return keyguardManager.isKeyguardSecure();
-    }
+    return keyguardManager.isDeviceSecure();
   }
 }