feat: Add biometric authentication support for Android and iOS

- Implemented AndroidBiometricModule and AndroidBiometricPackage for biometric authentication on Android.
- Created TransparentBiometricActivity to handle biometric prompts in a transparent manner.
- Added HybridBiometricPromptView and HybridBiometricPromptViewManager for React Native integration.
- Updated SensitiveInfo class to include biometric authentication checks before accessing sensitive data.
- Enhanced iOS support with LocalAuthenticationModule and HybridBiometricPromptView for biometric prompts.
- Updated README.md with troubleshooting tips for Face ID on iOS and biometric prompts on Android.
- Added styles for transparent activity in Android.
- Updated Podfile.lock and Info.plist for necessary permissions and dependencies.
- Modified SecurityDemo component to utilize new biometric authentication features.

Author: mCodex

README.md

@@ -710,6 +710,33 @@ struct CustomSecureView: View {
 
 ## 🔧 Troubleshooting
 
+<details>
+<summary><strong>iOS Simulator: Face ID prompt doesn’t appear</strong></summary>
+
+- Ensure Simulator has biometrics enrolled: Features → Face ID → Enrolled
+- When the system prompt appears, complete with Features → Face ID → Matching Face (or Non‑matching Face to test failures)
+- If you used allowDeviceCredential on Simulator, iOS doesn’t have a passcode; we force biometrics‑only under the hood so the prompt still appears.
+- If you get locked out after too many failures, reset Face ID in Simulator (toggle Enrolled off/on) and retry.
+
+</details>
+
+<details>
+<summary><strong>Android: Prompt requires a foreground Activity</strong></summary>
+
+- BiometricPrompt needs an active foreground Activity (FragmentActivity). Make sure you call getItem/setItem while your app is in the foreground.
+- If you’re launching prompts from background services, you’ll need to bring an Activity to the front or use a transparent activity approach.
+
+</details>
+
+<details>
+<summary><strong>Pods/Headers mismatch after Nitro changes</strong></summary>
+
+- If you see “file not found” for generated headers, clean Pods and DerivedData:
+  - cd ios && pod deintegrate && pod install
+  - Clean build folder in Xcode (or delete DerivedData)
+
+</details>
+
 ### Common Issues
 
 #### ✅ Emulator & Simulator Support

SensitiveInfo.podspec

@@ -25,6 +25,7 @@ Pod::Spec.new do |s|
     "GCC_PREPROCESSOR_DEFINITIONS" => "$(inherited) FOLLY_NO_CONFIG FOLLY_CFG_NO_COROUTINES"
   }
 
+  s.dependency 'React-Core'
   s.dependency 'React-jsi'
   s.dependency 'React-callinvoker'
 

android/build.gradle

@@ -132,5 +132,8 @@ dependencies {
   // Biometric authentication support
   implementation "androidx.biometric:biometric:1.1.0"
   implementation "androidx.fragment:fragment-ktx:1.6.2"
+  
+  // Material Components for theme parent (Theme.MaterialComponents.*)
+  implementation "com.google.android.material:material:1.12.0"
 }
 

android/src/main/AndroidManifest.xml

@@ -1,2 +1,8 @@
 <manifest xmlns:android="http://schemas.android.com/apk/res/android">
+	<application>
+		<activity
+			android:name=".TransparentBiometricActivity"
+			android:exported="false"
+			android:theme="@style/Theme.Transparent"/>
+	</application>
 </manifest>

android/src/main/java/com/margelo/nitro/sensitiveinfo/AndroidBiometricModule.kt

@@ -0,0 +1,73 @@
+package com.margelo.nitro.sensitiveinfo
+
+import android.app.Activity
+import android.content.Intent
+import androidx.biometric.BiometricManager
+import com.facebook.react.bridge.*
+
+class AndroidBiometricModule(private val reactContext: ReactApplicationContext) : ReactContextBaseJavaModule(reactContext), ActivityEventListener {
+  private var pendingPromise: Promise? = null
+
+  override fun getName(): String = "AndroidBiometric"
+
+  init {
+    reactContext.addActivityEventListener(this)
+  }
+
+  @ReactMethod
+  fun isAvailable(promise: Promise) {
+    val mgr = BiometricManager.from(reactContext)
+    val can = mgr.canAuthenticate(BiometricManager.Authenticators.BIOMETRIC_STRONG)
+    promise.resolve(can == BiometricManager.BIOMETRIC_SUCCESS)
+  }
+
+  @ReactMethod
+  fun authenticate(options: ReadableMap?, promise: Promise) {
+    val activity = reactContext.currentActivity
+    if (activity == null) {
+      promise.reject("NO_ACTIVITY", "Current activity is null")
+      return
+    }
+    if (pendingPromise != null) {
+      promise.reject("IN_PROGRESS", "Another authentication is in progress")
+      return
+    }
+
+  val intent = Intent(activity, TransparentBiometricActivity::class.java)
+    options?.let {
+      if (it.hasKey("promptTitle")) intent.putExtra("promptTitle", it.getString("promptTitle"))
+      if (it.hasKey("promptSubtitle")) intent.putExtra("promptSubtitle", it.getString("promptSubtitle"))
+      if (it.hasKey("promptDescription")) intent.putExtra("promptDescription", it.getString("promptDescription"))
+      if (it.hasKey("cancelButtonText")) intent.putExtra("cancelButtonText", it.getString("cancelButtonText"))
+      if (it.hasKey("allowDeviceCredential")) intent.putExtra("allowDeviceCredential", it.getBoolean("allowDeviceCredential"))
+    }
+
+    pendingPromise = promise
+    try {
+      activity.startActivityForResult(intent, REQUEST_CODE)
+    } catch (e: Exception) {
+      pendingPromise = null
+      promise.reject("LAUNCH_ERROR", e)
+    }
+  }
+
+  override fun onActivityResult(activity: Activity, requestCode: Int, resultCode: Int, data: Intent?) {
+    if (requestCode != REQUEST_CODE) return
+    val promise = pendingPromise ?: return
+    pendingPromise = null
+
+    val success = data?.getBooleanExtra("success", false) ?: false
+    val error = data?.getStringExtra("error")
+    if (error != null) {
+      promise.reject("AUTH_ERROR", error)
+    } else {
+      promise.resolve(success)
+    }
+  }
+
+  override fun onNewIntent(intent: Intent) {}
+
+  companion object {
+    private const val REQUEST_CODE = 42421
+  }
+}

android/src/main/java/com/margelo/nitro/sensitiveinfo/AndroidBiometricPackage.kt

@@ -0,0 +1,14 @@
+package com.margelo.nitro.sensitiveinfo
+
+import com.facebook.react.ReactPackage
+import com.facebook.react.bridge.NativeModule
+import com.facebook.react.bridge.ReactApplicationContext
+import com.facebook.react.uimanager.ViewManager
+
+class AndroidBiometricPackage : ReactPackage {
+  override fun createNativeModules(reactContext: ReactApplicationContext): List<NativeModule> =
+    listOf(AndroidBiometricModule(reactContext))
+
+  override fun createViewManagers(reactContext: ReactApplicationContext): List<ViewManager<*, *>> =
+    emptyList()
+}

android/src/main/java/com/margelo/nitro/sensitiveinfo/HybridBiometricPromptView.kt

@@ -0,0 +1,77 @@
+package com.margelo.nitro.sensitiveinfo
+
+import android.app.Activity
+import android.content.Context
+import androidx.biometric.BiometricManager
+import androidx.biometric.BiometricPrompt
+import androidx.core.content.ContextCompat
+import com.facebook.react.bridge.ReactContext
+import com.margelo.nitro.core.Promise
+import androidx.fragment.app.FragmentActivity
+
+class HybridBiometricPromptView(private val context: Context) : HybridBiometricPromptViewSpec() {
+  // Props
+  override var promptTitle: String? = null
+  override var promptSubtitle: String? = null
+  override var promptDescription: String? = null
+  override var cancelButtonText: String? = null
+  override var allowDeviceCredential: Boolean? = null
+
+  override val view = android.view.View(context)
+
+  override fun show(): Promise<Boolean> = Promise.async {
+  val activity = (context as? ReactContext)?.currentActivity as? FragmentActivity
+      ?: throw IllegalStateException("Current Activity is null")
+
+    val mgr = BiometricManager.from(context)
+    val can = mgr.canAuthenticate(
+      if ((allowDeviceCredential ?: false))
+        BiometricManager.Authenticators.BIOMETRIC_STRONG or BiometricManager.Authenticators.DEVICE_CREDENTIAL
+      else
+        BiometricManager.Authenticators.BIOMETRIC_STRONG
+    )
+    if (can != BiometricManager.BIOMETRIC_SUCCESS) return@async false
+
+    // Synchronize result back to Promise
+    val latch = java.util.concurrent.CountDownLatch(1)
+    var success = false
+    var error: Exception? = null
+
+    val executor = ContextCompat.getMainExecutor(context)
+    val callback = object : BiometricPrompt.AuthenticationCallback() {
+      override fun onAuthenticationError(errorCode: Int, errString: CharSequence) {
+        error = Exception(errString.toString())
+        latch.countDown()
+      }
+      override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
+        success = true
+        latch.countDown()
+      }
+      override fun onAuthenticationFailed() {
+        // ignore
+      }
+    }
+
+    val prompt = BiometricPrompt(activity, executor, callback)
+    val builder = BiometricPrompt.PromptInfo.Builder()
+      .setTitle(promptTitle ?: "Authenticate")
+      .setSubtitle(promptSubtitle)
+      .setDescription(promptDescription)
+
+    if (allowDeviceCredential == true) {
+      builder.setAllowedAuthenticators(
+        BiometricManager.Authenticators.BIOMETRIC_STRONG or BiometricManager.Authenticators.DEVICE_CREDENTIAL
+      )
+    } else {
+      builder.setNegativeButtonText(cancelButtonText ?: "Cancel")
+    }
+
+    activity.runOnUiThread {
+      prompt.authenticate(builder.build())
+    }
+
+    latch.await()
+    if (error != null) throw error as Exception
+    success
+  }
+}

android/src/main/java/com/margelo/nitro/sensitiveinfo/HybridBiometricPromptViewManager.kt

@@ -0,0 +1,17 @@
+package com.margelo.nitro.sensitiveinfo
+
+import com.facebook.react.bridge.ReactApplicationContext
+import com.facebook.react.uimanager.ViewManager
+import com.margelo.nitro.sensitiveinfo.views.HybridBiometricPromptViewManager as GeneratedManager
+
+/**
+ * Thin wrapper to expose a generated manager instance to RN.
+ * The generated manager is final, so we provide a factory function instead of subclassing it.
+ */
+class HybridBiometricPromptViewManager private constructor() {
+		companion object {
+			fun create(): ViewManager<*, *> {
+				return GeneratedManager()
+			}
+		}
+}

android/src/main/java/com/margelo/nitro/sensitiveinfo/SensitiveInfo.kt

@@ -1,16 +1,23 @@
 package com.margelo.nitro.sensitiveinfo
 
 import android.content.Context
+import android.app.Activity
 import android.os.Build
 import android.security.keystore.KeyGenParameterSpec
 import android.security.keystore.KeyProperties
 import androidx.biometric.BiometricManager
+import androidx.biometric.BiometricPrompt
+import androidx.core.content.ContextCompat
+import androidx.fragment.app.FragmentActivity
 import androidx.security.crypto.EncryptedSharedPreferences
 import androidx.security.crypto.MasterKeys
 import com.facebook.proguard.annotations.DoNotStrip
+import com.facebook.react.bridge.ReactApplicationContext
 import com.margelo.nitro.core.Promise
 import com.margelo.nitro.NitroModules
 import java.security.KeyStore
+import java.util.concurrent.CountDownLatch
+import java.util.concurrent.TimeUnit
 import javax.crypto.KeyGenerator
 
 /**
@@ -130,6 +137,7 @@ class SensitiveInfo : HybridSensitiveInfoSpec() {
    */
   @DoNotStrip
   override fun getItem(key: String, options: StorageOptions?): Promise<String?> = Promise.async {
+  authenticateIfNeeded(options)
     val securityLevel = options?.securityLevel
     val prefs = getPreferencesForSecurityLevel(securityLevel)
     prefs.getString(key, null)
@@ -140,6 +148,7 @@ class SensitiveInfo : HybridSensitiveInfoSpec() {
    */
   @DoNotStrip
   override fun setItem(key: String, value: String, options: StorageOptions?): Promise<Unit> = Promise.async {
+  authenticateIfNeeded(options)
     val securityLevel = options?.securityLevel
     val prefs = getPreferencesForSecurityLevel(securityLevel)
     prefs.edit().putString(key, value).apply()
@@ -150,6 +159,7 @@ class SensitiveInfo : HybridSensitiveInfoSpec() {
    */
   @DoNotStrip
   override fun removeItem(key: String, options: StorageOptions?): Promise<Unit> = Promise.async {
+  authenticateIfNeeded(options)
     val securityLevel = options?.securityLevel
     val prefs = getPreferencesForSecurityLevel(securityLevel)
     prefs.edit().remove(key).apply()
@@ -160,6 +170,7 @@ class SensitiveInfo : HybridSensitiveInfoSpec() {
    */
   @DoNotStrip
   override fun getAllItems(options: StorageOptions?): Promise<Map<String, String>> = Promise.async {
+  authenticateIfNeeded(options)
     val securityLevel = options?.securityLevel
     val prefs = getPreferencesForSecurityLevel(securityLevel)
     prefs.all.mapValues { it.value as? String ?: "" }
@@ -170,6 +181,7 @@ class SensitiveInfo : HybridSensitiveInfoSpec() {
    */
   @DoNotStrip
   override fun clear(options: StorageOptions?): Promise<Unit> = Promise.async {
+  authenticateIfNeeded(options)
     val securityLevel = options?.securityLevel
     val prefs = getPreferencesForSecurityLevel(securityLevel)
     prefs.edit().clear().apply()
@@ -227,3 +239,68 @@ class SensitiveInfo : HybridSensitiveInfoSpec() {
     }
   }
 }
+
+// --- Biometric helper ---
+private fun SensitiveInfo.authenticateIfNeeded(options: StorageOptions?) {
+  if (options?.securityLevel != SecurityLevel.BIOMETRIC) return
+
+  val reactContext = NitroModules.applicationContext as? ReactApplicationContext
+    ?: throw IllegalStateException("ReactApplicationContext is null")
+  val activity = reactContext.currentActivity as? FragmentActivity
+    ?: throw IllegalStateException("Current Activity is null for biometric prompt")
+
+  val manager = BiometricManager.from(activity)
+  val allowCredential = options.biometricOptions?.allowDeviceCredential == true
+  val authenticators = if (allowCredential)
+    BiometricManager.Authenticators.BIOMETRIC_STRONG or BiometricManager.Authenticators.DEVICE_CREDENTIAL
+  else
+    BiometricManager.Authenticators.BIOMETRIC_STRONG
+
+  val can = manager.canAuthenticate(authenticators)
+  if (can != BiometricManager.BIOMETRIC_SUCCESS) {
+    // Skip prompting so the storage layer can apply its own fallback choice
+    return
+  }
+
+  // Set up synchronization and state
+  val latch = CountDownLatch(1)
+  var success = false
+  var error: Exception? = null
+
+  val executor = ContextCompat.getMainExecutor(activity)
+  activity.runOnUiThread {
+    val callback = object : BiometricPrompt.AuthenticationCallback() {
+      override fun onAuthenticationError(errorCode: Int, errString: CharSequence) {
+        error = Exception(errString.toString())
+        latch.countDown()
+      }
+      override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
+        success = true
+        latch.countDown()
+      }
+      override fun onAuthenticationFailed() {
+        // Ignored; prompt stays open until user cancels or succeeds
+      }
+    }
+
+    val prompt = BiometricPrompt(activity, executor, callback)
+    val builder = BiometricPrompt.PromptInfo.Builder()
+      .setTitle(options.biometricOptions?.promptTitle ?: "Authenticate")
+      .setSubtitle(options.biometricOptions?.promptSubtitle)
+      .setDescription(options.biometricOptions?.promptDescription)
+
+    if (allowCredential) {
+      builder.setAllowedAuthenticators(authenticators)
+    } else {
+      builder.setNegativeButtonText(options.biometricOptions?.cancelButtonText ?: "Cancel")
+    }
+
+    prompt.authenticate(builder.build())
+  }
+
+  // Wait for result (with a generous timeout to avoid deadlocks)
+  latch.await(2, TimeUnit.MINUTES)
+  if (!success) {
+    throw (error ?: Exception("Authentication failed"))
+  }
+}