Biometric unlock
On Android, PratikYedek can wrap your master password inside the device secure enclave (Android Keystore / StrongBox) so that you do not have to type it every time you open the app.
KVKK note: The master password never leaves the device. The Keystore-wrapped form is bound to the device hardware; uninstalling the app or factory-resetting the device destroys the key. PratikYedek cannot read or recover this value.
Enabling biometric unlock
- After the AuthBootstrap modal accepts your master password for the first time, the app offers "Use fingerprint / face next time".
- Tap Enable. Android will prompt for biometric capture (passport-grade Class 3 sensors only).
- The master password is wrapped with
BIOMETRIC_STRONGand stored in Keystore.
Disabling biometric unlock
Settings → Security → Biometric unlock → toggle off. The wrapped key is destroyed immediately.
Failure modes
| Cause | Behaviour |
|---|---|
| New fingerprint enrolled | Wrapped key invalidated; master password asked again |
| Factory reset | Wrapped key destroyed; full re-onboarding |
| Biometric sensor disabled in Android | App falls back to master password modal |
| 5 failed biometric attempts | 30s cooldown; afterwards master password modal |
Why not iOS?
iOS support is deferred to Phase 4.5 (see ADR-025 and the Apple-en-sona decision). Until then, iOS users authenticate via master password on every launch through the web panel.