Operating system
Android
Joplin version
3.3.11
What issue do you have?
My phone has lost its fingerprint function. Long story, not coming back. Apparently when a Pixel loses its fingerprint module it forgets it ever had one. Running Joplin generates the following message "Could not verify your identity: Device does not support Fingerprint Scanner". No options, no recovery.
This is a problem because I use Joplin to store a file which holds all of my private information-- hashkeys, credit cards etc. I can no longer access it.
What are my options? Is there a way to convince Joplin to accept other credentials? Can I move the installation to another phone which has a working fingerprint function?
Perhaps it is not the most sanguine to put the security part in front of the configuration of security part?
Screenshots
It does say on the biometrics option that you have to uninstall and reinstall the app if the app won't start, as a disclaimer. This means you will lose your data if you have not set up sync.
The only way you can access the data without existing sync is if you root your phone and then access Joplin's /data/data directory directly.
Note that in Joplin 3.4 for mobile, when it is released, it will have the option to unlock in more ways than just fingerprint, such as using a passcode
The entire point of this file was to not expose it to the cloud. I think you can understand that the rare prospect of losing the fingerprint module and having the phone act anomalously due to that was not reasonable due diligence.
And are you saying the file in /data/data is not crypted?
When is 3.4 coming out?
I was supposed to make a 3.4 release two days ago but somehow it didn't work. I'm going to try again
v3.4 is now available here, with the biometric update:
https://github.com/laurent22/joplin-android/releases/download/android-v3.4.1/joplin-v3.4.1.apk
Please give it a try and let me know how it goes
1 Like
The data isn't encrypted at the application level, but running on Android, it will have a large amount of protection around it that makes this non trivial, because the manufacturer approved way of rooting a Pixel involves a factory reset which would delete your data anyway, and one application cannot access the private storage of another with the sandbox.
If the fingerprint module can't be made to work again, the only option the android setup would provide for is an application update that made the fingerprint no longer compulsory, signed by the devs own keys which is problematic given what it's for. With the passcode unlock in 3.4, you might get around it because the API's are usually authenticating against the phones TEE and not the specific biometrics, so in theory your passcode is already accepted though not asked for, be sure to grab it from the same source as you originally installed so Android sees it signed the same way and installs the beta over your current version rather than instead of it (this is me saying, I don't think the Github releases are signed the same way).
Otherwise, your options involve using a security exploit to root your own phone without unlocking the bootloader the normal way, which being a pixel presumably with all the latest updates, is an incredibly difficult ordeal when Google disincentivize people trying to by making an official method to do so and patch out the exploits rapidly.
1 Like
Thanks. So I'll wait for 3.4 to show up on the Play store before doing the upgrade.
@Paulpinecone it will be at least 1 month for it to be published to the Play store, according to the release schedule. The link Laurent posted is an apk which has the same signing as the play store version. So to avoid waiting, you can download that apk and sideload it onto your phone (google how to do this if you don't know how - rooting the phone is NOT required for this)
1 Like
Worked. Damn, that's customer service. You leave me with nothing to complain about. I shall go about my merry way.
2 Likes
