Several Android devices, including Pixel (3 and later) and select Samsung models, ship with StrongBox Keymaster support. StrongBox allows Android Keystore keys to be generated and stored inside a Secure Element (SE), which significantly strengthens their protection.
Current Implementation
As of now, Bitwarden for Android (both stable and beta versions) does not use this feature. Instead, its keys are stored in the Trusted Execution Environment (TEE). Although the TEE is secure, a StrongBox-backed Secure Element offers stronger protection: it is tamper-resistant and runs on a dedicated chip with its own RAM, CPU, and operating system, separate from the application processor on which the TEE runs.
Suggested Enhancement
For devices that report the FEATURE_STRONGBOX_KEYSTORE system feature, I propose enabling StrongBox integration by calling setIsStrongBoxBacked(true) on the KeyGenParameterSpec builder used to create the key. This change would direct Bitwarden to store the biometric key within the Secure Element, thereby using the full security capabilities of the device.
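The following Kotlin is an added illustration of that proposal and is not code from the Bitwarden client. It checks the feature flag, requests a StrongBox-backed, biometric-bound AES key, falls back to a TEE-backed key when the Secure Element rejects the request (StrongBox supports only a limited set of algorithms and key sizes, and the platform signals refusal with StrongBoxUnavailableException), and then reads the key's KeyInfo back to confirm where the key actually lives. The key alias and function names are assumptions made for the example.

```kotlin
import android.content.Context
import android.content.pm.PackageManager
import android.os.Build
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyInfo
import android.security.keystore.KeyProperties
import android.security.keystore.StrongBoxUnavailableException
import java.security.KeyStore
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.SecretKeyFactory

// Hypothetical alias for this example; not a Bitwarden identifier.
private const val BIOMETRIC_KEY_ALIAS = "example_biometric_key"
private const val ANDROID_KEYSTORE = "AndroidKeyStore"

/** True when the device advertises a StrongBox Keymaster (API 28+). */
fun hasStrongBox(context: Context): Boolean =
    Build.VERSION.SDK_INT >= Build.VERSION_CODES.P &&
        context.packageManager.hasSystemFeature(PackageManager.FEATURE_STRONGBOX_KEYSTORE)

/**
 * Generates a biometric-bound AES-256-GCM key, preferring the Secure Element.
 * If StrongBox is advertised but refuses the key, the TEE-backed keystore is used instead.
 */
fun generateBiometricKey(context: Context): SecretKey {
    fun build(strongBox: Boolean): SecretKey {
        val builder = KeyGenParameterSpec.Builder(
            BIOMETRIC_KEY_ALIAS,
            KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
        )
            .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
            .setKeySize(256)
            // Every use of the key must be unlocked by the user (biometric prompt).
            .setUserAuthenticationRequired(true)
            // Enrolling a new fingerprint/face invalidates the key.
            .setInvalidatedByBiometricEnrollment(true)
        if (strongBox && Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
            builder.setIsStrongBoxBacked(true)
        }
        return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEYSTORE)
            .apply { init(builder.build()) }
            .generateKey()
    }

    if (!hasStrongBox(context)) return build(strongBox = false)
    return try {
        build(strongBox = true)
    } catch (e: StrongBoxUnavailableException) {
        // Feature flag present but the SE cannot honour this key spec: degrade to TEE.
        build(strongBox = false)
    }
}

/** Reports where the generated key is held, so the app can verify StrongBox was honoured. */
fun describeKeyProtection(): String {
    val keyStore = KeyStore.getInstance(ANDROID_KEYSTORE).apply { load(null) }
    val key = keyStore.getKey(BIOMETRIC_KEY_ALIAS, null) as SecretKey
    val factory = SecretKeyFactory.getInstance(key.algorithm, ANDROID_KEYSTORE)
    val info = factory.getKeySpec(key, KeyInfo::class.java) as KeyInfo
    return if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
        when (info.securityLevel) {
            KeyProperties.SECURITY_LEVEL_STRONGBOX -> "StrongBox (Secure Element)"
            KeyProperties.SECURITY_LEVEL_TRUSTED_ENVIRONMENT -> "TEE"
            KeyProperties.SECURITY_LEVEL_SOFTWARE -> "software"
            else -> "unknown"
        }
    } else {
        // Before API 31 the platform only distinguishes secure hardware from software.
        if (info.isInsideSecureHardware) "secure hardware (TEE or StrongBox)" else "software"
    }
}
```

The fallback matters in practice: FEATURE_STRONGBOX_KEYSTORE means a Secure Element exists, not that it accepts every key spec, so a client that sets setIsStrongBoxBacked(true) unconditionally can fail key creation on devices that advertise the feature. Checking KeyInfo after generation, rather than trusting the request, is the only way to know which hardware actually holds the key.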