MASTG-TEST-0249: Runtime Use of Secure Screen Lock Detection APIs
Overview¶
This test is the dynamic counterpart to References to APIs for Detecting Secure Screen Lock.
In this case, we'll look for uses of KeyguardManager.isDeviceSecure and BiometricManager.canAuthenticate APIs.
Steps¶
- Use Installing Apps to install the app.
- Use Method Hooking to hook the relevant API calls.
- Exercise the app extensively to trigger as many flows as possible and enter sensitive data wherever you can.
Observation¶
The output should contain a list of locations where relevant APIs are used.
Evaluation¶
The test case fails if an app doesn't use any API to verify the secure screen lock presence.