Hi, Is there any way to enable alternate methods of user authentication, including 2FA, without touching the Android framework which is usually closed source in most Android devices?
I have previously managed to modify the Android framework to allow for alternate authentication methods, such as a hardware token. However, this obviously won't work with most devices, e.g. Samsung Galaxy S3, as Samsung doesn't release their framework source. I was researching on passing a PIN/password to the Android security framework at the app level, but it seems that while resetting/changing the PIN/password is possible with DevicePolicyManager, taking over the security lock screen is not. If alternate authentication methods are possible, it would also mean that the disk encryption key can be decoupled from the user PIN/password. Any thoughts on its possibilities? Thanks. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
