Google announced today that it plans to improve existing biometric authentication mechanisms available in its Linux-based Android mobile operating system in the upcoming Android P release in an attempt to offer users better security and privacy.
As biometric authentication mechanisms like fingerprint scanning and face unlocking are becoming more and more popular among Android users, Google has to make them more secure and improve them to offer users better privacy. The company announced today that it plans to define a better model to measure biometric security.
Android P, which is the next major release of the Android mobile operating system expected to hit the streets this summer, will be the first to come with much-improved and less weaker authentication methods, said Google, which plans to create a common platform for application developers to integrate biometric authentication into their apps.
In Android 8.1 Oreo, Google uses four machine learning methods for biometric authentication, namely False Accept Rate (FAR), False Reject Rate (FRR), Spoof Accept Rate (SAR), and Imposter Accept Rate (IAR). These are designed to offer Android users accurate and precise biometric unlocks, as well as a level of security for possible biometric authentication spoofing and bypass.
With Android P, Google wants to take biometric authentication to the next level by forcing weak biometrics to also require the user to re-enter a password, pattern, PIN, or strong biometric to unlock their devices if they haven't been used for 4 hours. Moreover, in Android P users won't be able to use weak biometrics to authenticate payments or similar transactions.
The second part of the biometric authentication enforcement announced today by Google is the implementation of a new, easy-to-use API (Application Programming Interface) for Android application developers, called BiometricPrompt API, which lets them integrate biometric authentication into their apps, while not supporting weak biometrics by exposing stronger authentication methods.
The good news is that the forthcoming BiometricPrompt API will be backwards compatible, which means that even devices running Android Oreo can benefit from its advantages, such as the stronger biometric authentication methods it empowers. More information about the BiometricPrompt API and how to implement it on your Android apps are available here.