Problem with biometric security / pin protection #1691

Open
smjohns opened this issue May 7, 2024 · 2 comments

smjohns commented May 7, 2024

Describe the bug
I've noticed a problem with biometric/pin protection in that if you set a pin manually, whilst you can unlock the app with your fingerprint, if you try to edit or deactivate the pin using the biometric it confirms PIN does not match.

When activating pin, the app lets you set this up just using biometric but after this you can only deactivate using biometric.... It's very strange and not sure it's working correctly.

To Reproduce

  1. Launch money and go to settings and security.
  2. When you click Activate Passcode the app displays the biometric symbol.
  3. If you cancel this and enter a manual code such as 12345 then hit cancel again and re-enter 12345 this is accepted.
  4. Relaunch app the biometric symbol appears and it allows you into the app.
  5. Return to settings and Security and then try to edit/deactivate security. Again the phone offers biometric but if you use this the app says "passcode do not match"
  6. If you try both again but this time cancel biometric and enter 12345 then this is accepted.

It's similar in reverse, in that if you use biometric to set a passcode, there is no way to deactivate or edit this without biometric.

Is this correct behaviour? Seems a bit weird?

Expected behavior
Not sure. I would expect you to be forced to set a passcode when activating and the app not offering biometric at that point. Then to edit or deactivate the passcode I'd expect the so to accept either the passcode or biometric?

Screenshots
Will attach in next post

Device Information:

  • Device: Samsung
  • OS: Android 14
  • Storage: 256gb
  • Synchronization: Sync on Start
  • Encrypted: No
  • App Version: 2024.05.02

Additional context
Seems to be a disconnect between passcode and biometric?

@smjohns smjohns added the bug label May 7, 2024

smjohns commented May 7, 2024

image
image


dimaguy commented Jul 23, 2024

I think biometric lock needs to be set as optional for more security, and the UI to set this up is very confusing because you can bypass the PIN check if you enable it by using the fingerprint with the pin field empty.
