
refactor: Replace device security toggle in settings + deprecate remember me + introduce auth capabilities functionality #25994

Merged: Cal-L merged 89 commits into main from refactor/MCWP-305-replace-auth-preference-toggles on Feb 20, 2026

@Cal-L Cal-L commented Feb 12, 2026


Description

This change replaces the legacy authentication toggles in settings (biometrics, passcode, and remember me) with a consolidated toggle: Device Authentication. With the new implementation, we support three authentication tiers: Remember Me (Legacy), Biometrics, and Passcode/Pin/Pattern (Consolidated into Device Authentication). Since Remember Me is deprecated, users using the feature will initially see a Remember Me toggle (to preserve backwards compatibility). However, once turned off, Remember Me will never be shown again. New users will never see the Remember Me option. We are also supporting backwards compatibility with respect to the other two authentication preferences: biometrics and passcode. The app will continue to respect the option that the user has chosen as long as the auth preference is toggled on.

The toggles and authentication system are also designed to support the transition into a more seamless authentication system: biometrics-first authentication with device passcode fallback. In other words, users will be able to use any biometrics or device passcode to access their wallet. For example, if a user disables biometrics in the OS settings while auth preferences are enabled in the app, the app will automatically fall back to using the device passcode as opposed to the password. Password is used as a fallback whenever authentication preferences are disabled by a user in the app. This is why the toggle is labeled as Device Authentication, because the device handles which auth tier to use.

Changelog

CHANGELOG entry:

Related issues

Fixes: https://consensyssoftware.atlassian.net/browse/MCWP-305

Manual testing steps

Remember Me (new users won't see this option anymore)

  • With Remember Me previously toggled on
  • User should see Remember Me toggle in Settings
  • Turn off Remember Me
  • With biometrics enabled in OS settings, device toggle should now show biometrics option (or device authentication for Android)
  • With biometrics disabled in OS settings, device toggle should now show passcode option (or device authentication for Android)

Legacy biometrics on iOS (force use biometrics)

  • Turn on biometrics
  • App should prompt biometrics when locked
  • Turn off biometrics in OS
  • App should fall back to using password
  • User should see CTA in settings that links into OS settings to re-enable device authentication
  • Turn on biometrics in OS settings
  • App should now prompt biometrics
  • Turn off biometrics toggle in settings
  • App should now fall back to password

Legacy Passcode on iOS (force use passcode)

  • Turn on passcode
  • App should prompt passcode when locked
  • Turn off passcode in OS
  • App should fall back to using password
  • User should see CTA in settings that links into OS settings to re-enable device authentication
  • Turn on passcode in OS settings
  • App should now prompt passcode
  • Turn off passcode toggle in settings
  • App should now fall back to password

Device Authentication (Consolidated behavior)

  • If biometrics is enabled in OS
  • Turn on device authentication toggle
  • App should prompt biometrics when locked
  • Turn off biometrics in OS
  • App should fall back to using passcode
  • Turn off passcode in OS
  • User should see CTA in settings that links into OS settings to re-enable device authentication
  • Turn on biometrics in OS
  • App should prompt biometrics when locked
  • Turn off device authentication in settings
  • App should now fall back to password

Screenshots/Recordings

Before

After

Turning off Remember Me

turn-off-remember-me.mov

Legacy biometrics

legacy-biometrics.mov

Legacy passcode

legacy-passcode.mov

Device authentication on iOS

device-auth-ios.mov

Device authentication on Android

device-authentication-android.mov

Device authentication on Login screen

device-authentication-login.mov

Pre-merge author checklist

Pre-merge reviewer checklist

  • I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
  • I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and/or screenshots.

Note

Medium Risk
Touches login and security-settings authentication flows (capability detection, unlock entry points, and preference updates), so regressions could block sign-in or mis-handle auth state despite solid test updates.

Overview
Consolidates authentication UX around a single “Device Authentication” capability model. The login screen replaces the platform-specific BiometryButton (and its many icon variants) with a new DeviceAuthenticationButton that renders a single SecurityKey icon and shows/hides based on useAuthCapabilities and lock state.

Refactors Security Settings and Remember Me deprecation flow. The legacy settings sections for biometrics/passcode and the Remember Me toggle are removed and replaced with a new DeviceSecurityToggle that derives the target auth type via getAuthCapabilities, supports a settings CTA when OS auth must be enabled, handles password-required errors via EnterPasswordSimple callbacks, and uses optimistic UI state. Disabling Remember Me via TurnOffRememberMeModal now always restores PASSWORD auth and clears PREVIOUS_AUTH_TYPE_BEFORE_REMEMBER_ME, with modal button styling made configurable via cancelButtonMode.

Tests and snapshots are updated accordingly (new toggle/button tests, updated selectors, and improved async/trace handling in login tests).

Written by Cursor Bugbot for commit 9a0dae8. This will update automatically on new commits. Configure here.
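The tier selection that the description and its manual testing steps walk through, written out as one decision function. This is an added example, not code from the PR or from MetaMask Mobile; the type and function names are hypothetical, and treating "no biometrics and no passcode" under the consolidated toggle as a password unlock is an assumption.

```typescript
// Added illustration only: names and types here are hypothetical, not MetaMask Mobile's.
type Tier = 'REMEMBER_ME' | 'BIOMETRICS' | 'DEVICE_PASSCODE' | 'PASSWORD';
type Preference = 'rememberMe' | 'legacyBiometrics' | 'legacyPasscode' | 'deviceAuth' | 'off';

interface OsState {
  biometricsEnrolled: boolean; // biometrics enabled in OS settings
  passcodeSet: boolean;        // passcode/PIN/pattern enabled in OS settings
}

interface Resolution {
  tier: Tier;                // what unlocks the wallet right now
  requiresSettings: boolean; // show the CTA that links into OS settings
}

function resolveUnlock(pref: Preference, os: OsState): Resolution {
  const ok = (tier: Tier): Resolution => ({ tier, requiresSettings: false });
  // Preference is on but the OS cannot satisfy it: fail closed to the password.
  const blocked: Resolution = { tier: 'PASSWORD', requiresSettings: true };
  switch (pref) {
    case 'rememberMe':
      return ok('REMEMBER_ME');
    case 'legacyBiometrics': // legacy iOS choice: biometrics only, no passcode fallback
      return os.biometricsEnrolled ? ok('BIOMETRICS') : blocked;
    case 'legacyPasscode': // legacy iOS choice: passcode only
      return os.passcodeSet ? ok('DEVICE_PASSCODE') : blocked;
    case 'deviceAuth': // consolidated: biometrics first, device passcode fallback
      if (os.biometricsEnrolled) return ok('BIOMETRICS');
      if (os.passcodeSet) return ok('DEVICE_PASSCODE');
      return blocked; // assumption: the page states only the CTA for this state
    default: // toggle off in the app
      return ok('PASSWORD');
  }
}

// Remember Me is one-way: turning it off restores password auth and the option is gone.
function turnOffRememberMe(pref: Preference): Preference {
  return pref === 'rememberMe' ? 'off' : pref;
}
```

The difference between the legacy and consolidated branches is the security-relevant part: a legacy preference never silently widens to another device factor, while the consolidated toggle lets the OS pick the factor.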

Cal-L added 28 commits February 4, 2026 08:13
…tor/MCWP-305-consolidate-biometrics-and-passcode
…tor/MCWP-305-consolidate-biometrics-and-passcode
@github-actions


CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.


Simplify hook


Expose auth methods

// TODO: Remove this once we have a proper way to handle biometrics
await StorageWrapper.setItem(PASSCODE_DISABLED, TRUE);
await StorageWrapper.setItem(BIOMETRY_CHOICE_DISABLED, TRUE);
await SecureKeychain.setGenericPassword(password, authType);


Greatly simplify store password to just pass through auth type

default:
await SecureKeychain.setGenericPassword(password, undefined);
// Keep Redux in sync with keychain so getAuthCapabilities reflects actual access control
this.updateOsAuthEnabled(
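
Review bot: the `default:` branch stores the credential with `SecureKeychain.setGenericPassword(password, undefined)`, which leaves the intended auth type implicit and lets any value not matched by an earlier case land in the same path as a deliberate password-only choice. Consider naming the password case explicitly (`AUTHENTICATION_TYPE.PASSWORD` appears elsewhere in this PR) and treating unmatched values as an error, and check that `this.updateOsAuthEnabled(` only runs after the keychain write has resolved, as the comment above it intends.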


this is where osAuthEnabled is updated since it reflects the status of stored password result

isEnrolledAsync(),
supportedAuthenticationTypesAsync(),
getEnrolledLevelAsync(),
StorageWrapper.getItem(BIOMETRY_CHOICE_DISABLED),


Also account for legacy flags in auth capabilities derivation

authStorageType = AUTHENTICATION_TYPE.PASSWORD;
}
// The auth type used for keychain storage
const authType = getAuthType({


Derive auth type from util

});

// Ex - "Face ID", "Device Passcode", "Password"
const authLabel = getAuthLabel({


Derive auth label from util

authStorageType: AUTHENTICATION_TYPE;
authType: AUTHENTICATION_TYPE;
/** True when device auth cannot be used until the user changes device settings */
deviceAuthRequiresSettings: boolean;
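
Review bot: `authStorageType` and `authType` share the type `AUTHENTICATION_TYPE` and sit next to each other without doc comments, while only `deviceAuthRequiresSettings` is documented. Add a one-line `/** ... */` to each that says how the two differ and which one is passed to the keychain, so callers do not swap them.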


Boolean to indicate if we should show a link to open OS settings for enabling device authentication

const defaultOptions = {
// Default options used for storing credentials in the keychain
// Do not re-use for other scopes unless you know what you are doing
const defaultCredentialsOptions: Keychain.SetOptions = {
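
Review bot: the comment above `defaultCredentialsOptions` warns "Do not re-use for other scopes unless you know what you are doing" without saying what goes wrong if the object is reused. State the reason in the comment (for example, which option is specific to credential storage) so the warning can be acted on; the more specific name and the `Keychain.SetOptions` annotation already help.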


Removed invalid properties

@github-actions


🔍 Smart E2E Test Selection

  • Selected E2E tags: SmokeAccounts, SmokeWalletPlatform
  • Selected Performance tags: @PerformanceLogin
  • Risk Level: high
  • AI Confidence: 85%

E2E Test Selection:
This PR is a significant refactoring of the authentication system in MetaMask Mobile. The changes include:

  1. Core Authentication Refactoring:

    • Authentication.ts: Major changes to storePassword method, getAuthCapabilities, and new updateOsAuthEnabled method
    • SecureKeychain.ts: Simplified keychain storage with unified access control (BIOMETRY_ANY_OR_DEVICE_PASSCODE)
    • New AUTHENTICATION_TYPE.DEVICE_AUTHENTICATION type, deprecating BIOMETRIC, PASSCODE, and REMEMBER_ME
  2. UI Changes:

    • Login screen: Replaced BiometryButton with DeviceAuthenticationButton, simplified auth flow using useAuthCapabilities hook
    • Security Settings: New DeviceSecurityToggle component replacing LoginOptionsSettings and RememberMeOptionSection
    • Deleted components: BiometryButton, LoginOptionsSettings, RememberMeOptionSection
  3. Migration 120: New migration to derive osAuthEnabled from existing auth preferences for existing users

  4. Test ID Changes: BIOMETRICS_TOGGLE and DEVICE_PASSCODE_TOGGLE replaced with DEVICE_SECURITY_TOGGLE

Selected Tags Reasoning:

  • SmokeAccounts: Required because changes affect account security flows including SRP protection, credential display, and authentication mechanisms. The Login screen changes and Security Settings changes directly impact account access flows.
  • SmokeWalletPlatform: Required because changes affect core wallet platform features including the login/unlock flow, security settings, and wallet lifecycle. The migration affects existing users' authentication preferences.

The changes don't directly affect:

  • Transaction confirmations (SmokeConfirmations)
  • Network management (SmokeNetworkAbstractions/SmokeNetworkExpansion)
  • Trading features (SmokeTrade, SmokePerps, SmokePredictions)
  • Card features (SmokeCard)
  • Ramps (SmokeRamps)
  • Multi-chain API (SmokeMultiChainAPI)
  • Identity sync (SmokeIdentity)
  • Snaps (FlaskBuildTests)

Performance Test Selection:
The changes significantly affect the login and authentication flow. The Login screen now uses useAuthCapabilities hook which fetches authentication capabilities asynchronously. The SecureKeychain.getGenericPassword method has been modified with new access control options. These changes could impact login/unlock performance, making @PerformanceLogin appropriate to verify there's no performance regression in the authentication flow.

@MarioAslau MarioAslau left a comment


LGTM

@Cal-L Cal-L enabled auto-merge February 19, 2026 23:17

@vinnyhoward vinnyhoward left a comment


LGTM

@Cal-L Cal-L added this pull request to the merge queue Feb 20, 2026
@github-project-automation github-project-automation Bot moved this from Needs dev review to Review finalised - Ready to be merged in PR review queue Feb 20, 2026
Merged via the queue into main with commit 4808001 Feb 20, 2026
97 of 98 checks passed
@Cal-L Cal-L deleted the refactor/MCWP-305-replace-auth-preference-toggles branch February 20, 2026 00:25
@github-project-automation github-project-automation Bot moved this from Review finalised - Ready to be merged to Merged, Closed or Archived in PR review queue Feb 20, 2026
@github-actions github-actions Bot removed the needs-dev-review PR needs reviews from other engineers (in order to receive required approvals) label Feb 20, 2026
@github-actions github-actions Bot locked and limited conversation to collaborators Feb 20, 2026
@metamaskbot metamaskbot added the release-7.68.0 Issue or pull request that will be included in release 7.68.0 label Feb 20, 2026
@Cal-L Cal-L restored the refactor/MCWP-305-replace-auth-preference-toggles branch March 18, 2026 21:19

Labels

  • no changelog required: No changelog entry is required for this change
  • No QA Needed: Apply this label when your PR does not need any QA effort.
  • no-changelog: Indicates no external facing user changes, therefore no changelog documentation needed
  • release-7.68.0: Issue or pull request that will be included in release 7.68.0
  • size-XL
  • team-mobile-platform: Mobile Platform team


6 participants