Fingerprint unlock disabled when work profile is active - Samsung Galaxy S10e Questions & Answers

Hi all, delighted by my brand new device (exynos) but a strange behaviour occured when I installed my company MDM.
Impossible to unlock with the fingerprint, in the settings the biometrics section is greyed out.
It was working fine before. As soon as I removed the professional profile, it worked again, and as soon as I set it up again, it didn't.
Strangely enough, the MDM allows the fingerprint to log into the professional apps (like Boxer).
Anyone here uses a company profile with the S10e ?
Sounds like a bug or a company restriction? It worked fine before with my old MotoG5+ with an outdated security patch, and my colleagues with other types of Galaxy phones don't have this issue.
Thanks for any thought.

I use work mode and Microsoft InTune. The fingerprint sensor works normally. The sensor itself is a bit annoying but the operation is as intended.
The fingerprint settings have an option for fingerprint always on.

Same thing happened to me. My company uses VMware Intelligent HUB in a work profile. After installing it, could no longer unlock with fingerprint. Options are grayed out in security settings. Uninstalled the work profile and I get fingerprint unlock back. Since the only thing I needed was email, I'm just using the web interface in chrome (how is that more secure???). It all worked fine on my pixel 2, so this is specific to s10e. I refuse to install the work profile if it disables the fingerprint unlock. Emailed my IT department to see if they can change the policy, but not hopeful about that.

Related

Skype Lockscreen Bypass Bug

Tested with Skype version 3.2.0.6673 (released 1st July 2013) on various
Android devices (Sony Xperia Z, Samsung Galaxy Note 2, Huawei Premia 4G
The Skype for Android application appears to have a bug which permits the
Android inbuilt lockscreen (ie. pattern, PIN, password) to be bypassed
relatively easily, if the device is logged into Skype, and the "attacker"
is able to call the "victim" on Skype.
This can be reproduced as follows with 2 Skype accounts, and 2 separate
devices to use with Skype. The target phone is presumed to have an Android
lockscreen configured and in use, and to be locked during the test.
1. Initiate a Skype call to the target device, which will cause it to
wake, ring, and display a prompt on the screen to answer or reject the call
2. Accept the call from the target device using the green answer button
on the screen
3. End the call from the initiating device (ie. the device used to call
the target phone)
4. The target device will end the call, and should display the
lockscreen.
5. Turn off the screen of the target device using the power key, and
turn it on again
6. The lockscreen will now be bypassed. It will remain bypassed until
the device is rebooted
Similar to (ironically enough):
http://arstechnica.com/security/201...een-lock-on-up-to-100-million-android-phones/.
Seems that internet based calling apps might well be "unlucky".
I suggest logging out of skype when not using it, until there is a fix.
Thanks to Turl for originally bringing this to my attention.
Greetings pulser_g2,
Thanks for posting this. I found that all these screenlock bypass vulns (including yours) won't work if a enterprise policy is enforced on the target device. I've tested with 2 different smartphones, Note 8.0 and Note 2. Both with the current stock firmware. Can you or anyone else confirm this?
Cheers,
Michael
c0rnholio said:
Greetings pulser_g2,
Thanks for posting this. I found that all these screenlock bypass vulns (including yours) won't work if a enterprise policy is enforced on the target device. I've tested with 2 different smartphones, Note 8.0 and Note 2. Both with the current stock firmware. Can you or anyone else confirm this?
Cheers,
Michael
Click to expand...
Click to collapse
Hi Michael,
Thanks for the tip. However, forcing enterprise policy onto a device that does not need it should not be a solution for a bug like this (not ranting against you, please don't take it that way). Skype was already informed about this a couple of weeks ago and nothing has been done afaik.
I received a Skype update today from the market, so I guess it might be worth checking if the bug can be repeated or if it has been fixed.
Hi egzthunder1,
I don't take your post personal. My post was not made with the intent to be a bugfix. I just want someone else who also has access to provisioned devices to confirm my observation. Additionally if my observation is correct then it should be mentioned in a security advisory that enterprise provisioned devices with an enforced password seem to not be affected by all these lockscreen bypasses. I'm just discussing here
Does andybody know which wrong usage of the Android-API might be used here? I'm developing myself an app which switches the Screen on and shows information without the need to unlock the device. Know I'm concerned that I might use the API wrong, too. There were also such bugs in other apps in the past month, so there must be some wrong usage type. Saidly I didn't find anything about it via googling. If you have links, please share.
SamsungPisser said:
Does andybody know which wrong usage of the Android-API might be used here? I'm developing myself an app which switches the Screen on and shows information without the need to unlock the device. Know I'm concerned that I might use the API wrong, too. There were also such bugs in other apps in the past month, so there must be some wrong usage type. Saidly I didn't find anything about it via googling. If you have links, please share.
Click to expand...
Click to collapse
It seems to be related to the use of the permission to disable the lockscreen.
I.e. http://stackoverflow.com/questions/12021800/disable-delay-android-lock-screen-programmatically
You want to ensure you definitely disable the option once done. I suggest you create a test plan and ensure even if everything goes wrong, the lock will still get enabled again in the end.
c0rnholio said:
Hi egzthunder1,
I don't take your post personal. My post was not made with the intent to be a bugfix. I just want someone else who also has access to provisioned devices to confirm my observation. Additionally if my observation is correct then it should be mentioned in a security advisory that enterprise provisioned devices with an enforced password seem to not be affected by all these lockscreen bypasses. I'm just discussing here
Click to expand...
Click to collapse
Hmmm that is interesting actually.
I need to see if I can replicate this by forcing provisioning manually.
I don't have an exchange server unfortunately (I use my own mail server that uses the protocol but doesn't do the complex provisioning.)
I'll have a look though as I think it supports provisioning in the configuration where it emulates Exchange. I believe this likely is a workaround for enterprise users.
This would be enough motivation actually to look at setting up proper provisioning of my devices.
Thanks for letting me know

[q] does smart lock with Bluetooth device work for you?

Has anyone else tried using a Bluetooth device go smart unlock your phone?
I can register my Bluetooth headset for the function but my phone still gets locked and requires my fingerprint after the screen is off for a few minutes
My phone is locked due to exchange security policies.
Sent from my SM-G920I using XDA Free mobile app
Works fine in my truck...
Works fine with my Sony SW3
Works fine with my moto 360
Same thing happens to me, but for location. I raised with Samsung on twitter and they asked me to email them. I've done so. Will let you know if I get any update.
I see the same issue - I have tried with two bluetooth devices and also a location. None of these bypass the need for fingerprint to unlock the phone. I also tried with PIN security - same issue. My phone has an exchange account linked which altered some security settings, maybe this is it? However, same account and same Android version on a Nexus5 and there was no problem.
yea im having issues as well. I do have exchange security as well but this worked fine on my Nexus 5. I'm also having issues where my Nexus 5 could skip songs via bluetooth. This does not work via google music now via my pioneer headunit. I cant tell if this is android bluetooth issues or what??
I have the same issue. Just disabled my exchange policy and it started working. It does not ask for fingerprint or pin any more.
This is weird because same setup on Nexus 5 worked fine. There smart lock overrode the exchange policy, but looks like Samsung has decided to give exchange policy higher preference than smart lock.
same for me just work with car Bluetooth but not with locations
Ok, moved Exchange account into Knox (which is awesome by the way) and now the smart lock works. Proves it was Exchange security causing it.
Cool, looks like exchange is the root cause.
Let me go explore knox as well!
Sent from my SM-G920I using XDA Free mobile app
I'm having the same issue with no exchange account set up.
teethgrinder32 said:
Same thing happens to me, but for location. I raised with Samsung on twitter and they asked me to email them. I've done so. Will let you know if I get any update.
Click to expand...
Click to collapse
+1 on location. But Bluetooth is perfect for me.
I had the same issue, smart lock works with BT but not with location.
What helped for me: I used location of Home from maps, it wasn't work. When I added "new" place and used near address it started working. I'm not using Exchange with security (I'm used to using Office365 and there isn't this rule)
works fine here over bluetooth to my gear 2 neo smart watch , and my turtle beach elite 800 wireless headphones , also location lock is working here on the w8 stock unrooted.
rakh1 said:
Ok, moved Exchange account into Knox (which is awesome by the way) and now the smart lock works. Proves it was Exchange security causing it.
Click to expand...
Click to collapse
What is knox? How did you accomplish this - I really want to get this trusted device unlock enabled. Thanks in advance.
I have the same issue - smart lock works without "corporate" account. However when I setup a "corporate" account (Exchange, or in my case - it's Google Apps with Google Device Policy) - smart lock stops working.
You can configure trusted devices/locations, but you need anyway to unlock device using pin/fingerprint/or whatever. Exactly same configuration worked well with recently replaced HTC One M7 (Sense version with Lollipop).
It's my first Samsung device after about 5 years with Android.. is there any chance they fix anything like that, is it worth to bomb tech. support about it?
On the side note, regarding alternative solution - I'm a bit curious how Knox is working. I don't like additional layer it adds to a system, and I don't really need such paranoid level of security, but.. maybe Knox is not so bad? Does it show notifications from Knox applications? How all apps are working in background, or do I need to unlock Knox each time I need to check the mail?
Yay, the upgrade to 5.1.1 has fixed this.
How do you disable exchange policy?
Update took care of it - I did not change anything.

smart lock not working

I want to use okay google in my car to change music but it rails due to the fact the device is locked. I have added several trusten bluetooth devices (removed them and re-added too) and trusten voice enabled but still the device remains locked. I am using the fingerprint scanner to unlock.
How can I start using okay google again?
anyone?
Is this place still alive?
Is there actually anyone reading this forum?
godutch said:
Is there actually anyone reading this forum?
Click to expand...
Click to collapse
LOL, for me trusted bluetooth devices is working. The fingerprint is not needed.... Did you try another bluetooth device?
The first time I used this feature with my car audio, it said the my phone has to be at least unlocked once with fingerprint because the bluetooth device has no high security standard.. but now it is working fine...
do other smart lock features work? Like trusted places?
BUT, what you can try, goto SETTINGS->Lock Screen->other security settings->Trusted agents
play around with this smartlock (google), enable disalbe again. I had prolbems with trusted places and this helped for me....
GZA1337 said:
LOL, for me trusted bluetooth devices is working. The fingerprint is not needed.... Did you try another bluetooth device?
The first time I used this feature with my car audio, it said the my phone has to be at least unlocked once with fingerprint because the bluetooth device has no high security standard.. but now it is working fine...
do other smart lock features work? Like trusted places?
BUT, what you can try, goto SETTINGS->Lock Screen->other security settings->Trusted agents
play around with this smartlock (google), enable disalbe again. I had prolbems with trusted places and this helped for me....
Click to expand...
Click to collapse
i tried and nothing is working.... ( and I tried it with 2 different s6's)

Ok google to activate assistance in P20

When I say ok google , it asks me for fingerprint or pattern.
How can I bypass the passcode and directly activate the assistance?
anyone?
I usually manage to fix it by:
- open settings
- search for "Trusted Agents"
- turn google off
- restart phone
- turn bag google agents on
But in general i need to repeat those steps after every google app update I think
Just came back from work,
i have tried to do the same way with my P20, it is not working too.
However, when i do the same for my Samsung S8+, it works!
which means voice activation for S8+ is working but not P20
Just been out of town to Japan.
And curious enough to try the ok google again
Very weird, it works perfectly in Japan with my P20
So is it limited by district or something?
I can't activate voice match at all. I've tried multiple different languages (phone and Google app) but the setting is always greyed and unclickable. Tried different fixes but no success.
Unfortunately Smart Lock has been broken in all the Android devices for a while now, and Google just doesn't seem to care. It's not an issue with Huawei phones.
Please star the issue and write a comment here, hoping one day they'll address it... https://issuetracker.google.com/issues/65972290

Fingerprint possible only on 1 profile on Poco X3 NFC (surya)

Hello XDA Bros,
I've had my Surya for about a year now, and I tried many ROMs, but the same issue occurs on every ROM.
So here is the issue:
I have a work profile (shelter) and a set of other user profiles, I can set up a pin|password|pattern for each of them without an issue.
However, If I set up a fingerprint on any profile, then I cannot set up a fingerprint on the other profiles.
When it fails, this error occurs: (Enrollment was not completed. Fingerprint enrollment didn't work. Try again or use a different finger.)
when it is set up, It works properly, and I can add multiple fingerprints for that profile.
I bought a new Xiaomi Redmi Note 11 for my little brother a week ago. And today when I was configuring it for him, I wanted to try my fingerprint issue, and to my surprise it registered the fingerprint for every single profile, including shelter work profile.
I honestly lost hope by this point, I've tried several fixes this year and none of them worked.
I can't say that the sensor is broken, since it registers fingerprints on 1 profile.
Has any of you experienced this issue? And if you did, how did you fix it?
I'll be looking forward to your replies.

Categories

Resources