Google introduces new biometric authentication API for Android
21 June 2018 19:15 GMT

Google has announced developers can start using the BiometricPrompt API to integrate biometric authentication into their apps.

According to Google, biometrics are an important part to keeping users safe. Apps and devices typically utilize knowledge factors, possession factors and biometrics factors for an authentication mechanism. Knowledge factors usually include PINs and passwords, possession factors include a token generator or security key while biometric factors include fingerprints, iris or a user’s face.

“Biometric authentication mechanisms are becoming increasingly popular, and it’s easy to see why. They’re faster than typing a password, easier than carrying around a separate security key, and they prevent one of the most common pitfalls of knowledge-factor based authentication—the risk of shoulder surfing,” Vishwath Mohan, security engineer at Google, wrote in a post.

With Android P, Google wants to provide a better model for measuring biometric security, constraint weaker authentication methods, and provide a common platform and entry point for developers to easily integrate the capability.

Biometrics typically uses two metrics: False Accept Rate (FAR) and False Reject Rate (FRR). While both metrics provide accuracy and precision thanks to machine learning, Google says they don’t account for an active attacker or provide information about its resilience against attacks. In Android 8.1, the company introduced Spoof Accept Rate (SAR) and Imposter Accept Rate (IAR) to measure how easily an attack bypasses a biometric authentication service.

Industry Events