
fix: alert user on biometric changed TO-454 #25423

Merged: ieow merged 11 commits into main from cw/fix-biometric-changed on Mar 27, 2026

@ieow commented Jan 30, 2026

Description

When the user changes biometrics (adds / removes a fingerprint), the MetaMask wallet is not able to detect and handle it properly.
TO-454

Changelog

CHANGELOG entry: Alert User on biometric changed

Related issues

Fixes:

Manual testing steps

Feature: Detect Biometric Changed

  Scenario: User creates MM wallet with biometrics enabled
    Given the user creates an MM wallet with biometrics enabled

    When the user removes 1 of N fingerprints / changes Face ID from the system (fingerprint/face)
    Then MM should alert the user that biometrics changed and the previous biometric has become invalid

Screenshots/Recordings

Before

Screen.Recording.2026-03-18.at.3.17.33.PM.mov

After

Screen.Recording.2026-03-18.at.3.34.13.PM.mov

Pre-merge author checklist

Pre-merge reviewer checklist

  • I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
  • I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and/or screenshots.

Note

Medium Risk
Touches unlock and credential-reset flows: mis-detection could incorrectly reset local auth settings or interrupt login, though changes are scoped and covered by new unit tests.

Overview
Adds handling for the Android "biometrics changed" failure case during Authentication.unlockWallet: when the thrown Error.message contains USER_NOT_AUTHENTICATED, the app shows a non-cancelable alert and then locks the app with reset: true to clear stored credentials.

Refactors auth cleanup by centralizing removal of legacy auth storage flags and remember-me state into clearAuthStorageFlags, reusing it from both storePassword and resetPassword, and ensuring resetPassword also disables OS auth in Redux.

Updates constants and strings to include UNLOCK_WALLET_ERROR_MESSAGES.USER_NOT_AUTHENTICATED plus new login.biometric_changed* i18n keys, and extends tests to cover the new reset behavior and alert/lock paths.

Written by Cursor Bugbot for commit 288036e. This will update automatically on new commits. Configure here.
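
The unlock-failure branching described in the overview above, as an added TypeScript sketch (not code from this PR or from MetaMask). The marker string's value, the showAlert/lockApp dependency shapes, and the choice to lock only after the alert is acknowledged are assumptions.

```typescript
// Added sketch, not MetaMask's code. Only USER_NOT_AUTHENTICATED and the
// { reset } lock option come from the PR text; every other name is hypothetical.
// Assumed marker text: the real constant's value is not shown on the page.
const USER_NOT_AUTHENTICATED = 'USER_NOT_AUTHENTICATED';

type UnlockFailure = 'biometric_changed' | 'other';

interface AuthDeps {
  // Non-cancelable alert: the acknowledge callback is the only way out.
  showAlert(opts: { cancelable: false; onAcknowledge: () => void }): void;
  lockApp(opts: { reset: boolean }): void;
}

// Match narrowly: only a real Error whose message carries the marker.
// Strings, null and unrelated errors must never trigger a credential reset.
function classifyUnlockFailure(err: unknown): UnlockFailure {
  if (err instanceof Error && err.message.includes(USER_NOT_AUTHENTICATED)) {
    return 'biometric_changed';
  }
  return 'other';
}

function handleUnlockFailure(err: unknown, deps: AuthDeps): UnlockFailure {
  const kind = classifyUnlockFailure(err);
  if (kind === 'biometric_changed') {
    // Alert first; lock and clear stored credentials once acknowledged
    // (waiting for the acknowledgement is an assumption of this sketch).
    deps.showAlert({ cancelable: false, onAcknowledge: () => deps.lockApp({ reset: true }) });
  } else {
    // Any other failure: lock, but keep the stored credentials.
    deps.lockApp({ reset: false });
  }
  return kind;
}

// Drive the handler with recording fakes and return the observed call order.
function simulate(err: unknown): string[] {
  const calls: string[] = [];
  const pending: Array<() => void> = [];
  handleUnlockFailure(err, {
    showAlert: (o) => {
      calls.push(`alert(cancelable=${o.cancelable})`);
      pending.push(o.onAcknowledge);
    },
    lockApp: (o) => { calls.push(`lock(reset=${o.reset})`); },
  });
  pending.forEach((acknowledge) => acknowledge()); // user taps the only button
  return calls;
}
```

Calling simulate with a constructed Error whose message contains the marker yields the alert followed by a resetting lock; any other thrown value yields only a non-resetting lock.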

@github-actions

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@metamaskbot metamaskbot added the team-onboarding Onboarding team label Jan 30, 2026
@ieow ieow changed the title from "fix: alert user on biometric changed" to "fix: alert user on biometric changed TO-454" Jan 30, 2026
ieow commented Jan 30, 2026

TO-454

Comment thread app/core/Authentication/Authentication.ts
@ieow ieow marked this pull request as ready for review February 2, 2026 08:26
Comment thread app/core/Authentication/Authentication.ts
Comment thread app/core/Authentication/Authentication.ts
@ieow ieow force-pushed the cw/fix-biometric-changed branch from 47df805 to b25997a Compare March 16, 2026 13:35
Comment thread app/core/Authentication/Authentication.test.ts Outdated
Comment thread app/core/Authentication/Authentication.ts Outdated
@github-actions github-actions Bot added the risk-high Extensive testing required · High bug introduction risk label Mar 17, 2026
@github-actions github-actions Bot added risk-high Extensive testing required · High bug introduction risk and removed risk-high Extensive testing required · High bug introduction risk labels Mar 17, 2026
@github-actions github-actions Bot added risk-medium Moderate testing recommended · Possible bug introduction risk and removed risk-high Extensive testing required · High bug introduction risk labels Mar 18, 2026
Cal-L previously approved these changes Mar 19, 2026

@Cal-L Cal-L left a comment

LGTM

@ieow ieow added this pull request to the merge queue Mar 24, 2026
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Mar 24, 2026
@github-actions github-actions Bot added risk-medium Moderate testing recommended · Possible bug introduction risk and removed risk-medium Moderate testing recommended · Possible bug introduction risk labels Mar 26, 2026
Comment thread app/core/Authentication/Authentication.test.ts Outdated
@github-actions github-actions Bot added risk-medium Moderate testing recommended · Possible bug introduction risk and removed risk-medium Moderate testing recommended · Possible bug introduction risk labels Mar 26, 2026
Comment thread app/core/Authentication/Authentication.ts Outdated
@github-actions github-actions Bot added risk-medium Moderate testing recommended · Possible bug introduction risk and removed risk-medium Moderate testing recommended · Possible bug introduction risk labels Mar 26, 2026

@cursor cursor Bot left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.

There are 2 total unresolved issues (including 1 from previous review).

Comment thread app/core/Authentication/Authentication.ts
@github-actions github-actions Bot added risk-medium Moderate testing recommended · Possible bug introduction risk and removed risk-medium Moderate testing recommended · Possible bug introduction risk labels Mar 27, 2026
@github-actions

🔍 Smart E2E Test Selection

  • Selected E2E tags: SmokeAccounts, SmokeWalletPlatform
  • Selected Performance tags: None (no tests recommended)
  • Risk Level: medium
  • AI Confidence: 72%

E2E Test Selection:
The changes are in app/core/Authentication/Authentication.ts, a critical core module that handles login, unlock, and password reset flows.

Key changes:

  1. Refactoring: clearAuthStorageFlags() extracted as a private method - previously only called in storePassword, now also called in resetPassword. This is a behavioral change: resetPassword now additionally clears biometry/passcode storage flags and resets allowLoginWithRememberMe Redux state, plus calls updateOsAuthEnabled(false).
  2. New Android biometric error handling: When unlockWallet() fails with USER_NOT_AUTHENTICATED error (Android-specific, triggered when user changes biometrics), a non-dismissible alert is shown prompting re-enablement, then lockApp({ reset: true }) is called instead of reset: false. This is a new code path.
  3. New locale strings: 3 new strings for the biometric changed alert.
  4. New constant: USER_NOT_AUTHENTICATED error message.

Why SmokeAccounts: This tag covers account security flows including credential management, SRP export, and wallet details. The authentication changes directly affect how accounts are secured and accessed. The resetPassword behavioral change could affect account security flows.

Why SmokeWalletPlatform: This tag covers wallet lifecycle including SRP import flows, account deletion, and multi-SRP architecture - all of which go through authentication. The resetPassword change (now clearing auth flags) could affect wallet lifecycle flows.

Why NOT all tags: The changes are well-contained to authentication internals. The new biometric error handling is Android-specific and only triggers in an edge case (biometric change). The refactoring is clean. No UI components were changed. The locale strings are new additions (no existing strings modified). The unit tests provide good coverage of the new behavior.

Performance: No performance impact expected - these are error handling and storage flag cleanup operations, not rendering or data loading changes.

Performance Test Selection:
The changes are in authentication error handling and storage flag cleanup. No UI rendering, list components, data loading, or app startup paths are affected. The new biometric alert is an edge-case error handler. No performance impact expected.

@github-actions

E2E Fixture Validation — Schema is up to date
17 value mismatches detected (expected — fixture represents an existing user).

@ieow ieow added this pull request to the merge queue Mar 27, 2026
Merged via the queue into main with commit dacb6ba Mar 27, 2026
110 checks passed
@ieow ieow deleted the cw/fix-biometric-changed branch March 27, 2026 12:40
@github-actions github-actions Bot locked and limited conversation to collaborators Mar 27, 2026
@metamaskbot metamaskbot added the release-7.73.0 Issue or pull request that will be included in release 7.73.0 label Mar 27, 2026
Labels

release-7.73.0 Issue or pull request that will be included in release 7.73.0 risk-medium Moderate testing recommended · Possible bug introduction risk size-M team-onboarding Onboarding team
