Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon

Google updates biometric authentication for Android P, introduces BiometricPrompt API

Save for later
  • 2 min read
  • 22 Jun 2018

article-image

Google is looking for ways to improve their biometric-based authentication features for Android P, their upcoming OS. For this they are taking two major steps:

First, Google has defined a better model to measure biometric security and constrain weaker authentication methods. Secondly, they are providing a common platform-provided entry point for developers to integrate biometric authentication into their apps.

Google has combined secure design principles, a more attacker-aware measurement methodology, and an easy to use BiometricPrompt API for developers to integrate authentication in their devices in a simple manner.

Current, biometric models quantify performance from two machine learning inspired metrics, False Accept Rate (FAR), and False Reject Rate (FRR). Both metrics do a great job of measuring the accuracy and precision of a given biometric model. However, they do not provide very useful information about its resilience against attacks.

In Android 8.1, Google introduced two new metrics Spoof Accept Rate (SAR) and Imposter Accept Rate (IAR) to measure how easily an attacker can bypass a biometric authentication scheme. The SAR/IAR metrics categorize biometric authentication mechanisms as either strong or weak.

While both strong and weak biometrics allowed to unlock a device, weak biometrics did not allow app developers to securely authenticate users on a device in a modality-agnostic way. This was what inspired the development of a Biometric authentication API.

With Android P, mobile developers can use the BiometricPrompt API to integrate biometric authentication into their apps in a device. Developers can be assured of a consistent level of security across all devices their application runs on because BiometricPrompt only exposes strong modalities.

google-updates-biometric-authentication-for-android-p-introduces-biometricprompt-api-img-0

BiometricPrompt API architecture

Unlock access to the largest independent learning library in Tech for FREE!
Get unlimited access to 7500+ expert-authored eBooks and video courses covering every tech area you can think of.
Renews at €18.99/month. Cancel anytime


The API is automated and easy to use. Instead of forcing app developers to implement biometric logic, the platform automatically selects an appropriate biometric to authenticate. For devices running Android O and earlier, a support library is provided for allowing applications to utilize this API across other devices.

Further details on BiometricPrompt API are available on the Android developer blog.

Top 5 Google I/O 2018 conference Day 1 Highlights: Android P, Android Things, ARCore, ML kit and Lighthouse
Android P new features: artificial intelligence, digital wellbeing, and simplicity