Google introduces new biometric authentication API for Android P

Google introduces new biometric authentication API for Android P

Google is looking to improve biometrics in its upcoming Android P. The company announced that developers can start integrating biometric authentication into their apps using the BiometricPrompt API.

[[233901]]

According to Google, biometrics are an important part of keeping users safe. Applications and devices often use knowledge factors, possession factors, and biometrics factors for authentication mechanisms. Knowledge factors typically include PINs and passwords, possession factors include token generators or security keys, and biometrics factors include fingerprints, irises, or the user's face.

Vishwath Mohan, a security engineer at Google, wrote in a blog post:

Biometric authentication mechanisms are becoming increasingly popular, and it’s easy to see why. They’re faster than typing in a password, easier than carrying a separate security key, and they prevent the risks of knowledge-based authentication.

With Android P, Google hopes to provide a better model for measuring biometric security, restrict weaker authentication methods, and provide a common platform and entry point for developers to easily integrate the functionality.

Biometrics typically uses two metrics: the false acceptance rate (FAR) and the false rejection rate (FRR). While both metrics provide an indication of the accuracy and precision of machine learning, Google says they do not take active attackers into account or provide information about resilience against attacks. FAR focuses on security issues, measuring how often an illegitimate user is accidentally identified as the device owner, while FRR focuses on usability issues, measuring how often the legitimate device owner has to retry their authentication.

In Android 8.1, the company introduced the Spoof Acceptance Rate (SAR) and Impersonation Acceptance Rate (IAR) to measure how easy it is for an attack to bypass biometric authentication services. "Spoofing" refers to using a known good recording (such as replaying an audio recording or using a picture of a face or fingerprint), while "impersonation" means successfully mimicking another user's biometrics (such as trying to sound or look like the target user).

<<:  The real reason Apple and Google want you to spend less time on your phone

>>:  You can't hire programmers like this

Recommend

Android Fragment uses full parsing

The use of Fragment is a commonplace~~~ 1. Overvi...

Is Miaopai's efforts in vertical content a desperate gamble or a confident move?

Vertical short videos are the first choice for sh...

What? The coffee you love so much was discovered by sheep first!

Review expert: Peng Guoqiu, deputy chief physicia...

What is it like to have a 2GB per second internet speed? !

2GB Internet speed! That means downloading a high-...

Ginkgo biloba: a living fossil that can be seen and touched

Autumn is the most beautiful season of the year f...

3.15 How to make fake copywriting look real

3.15 How to make fake copywriting look real? Tomo...

3 ways to promote new products!

In the Internet age, there is no shortage of inno...

Is breast cancer really a cancer that is already written into our genes?

Breast cancer, like all other cancers, is caused ...

The hidden champion of short video track

In the era of attention economy, where eyeballs a...

Review of 2016: Who are the top 10 most frustrated mobile phone manufacturers?

2016 is about to end. This year, the growth rate ...

Make your PHP 7 faster (GCC PGO)

[[137597]] We have been working hard to improve t...