Google introduces new biometric authentication API for Android P

Google introduces new biometric authentication API for Android P

Google is looking to improve biometrics in its upcoming Android P. The company announced that developers can start integrating biometric authentication into their apps using the BiometricPrompt API.

[[233901]]

According to Google, biometrics are an important part of keeping users safe. Applications and devices often use knowledge factors, possession factors, and biometrics factors for authentication mechanisms. Knowledge factors typically include PINs and passwords, possession factors include token generators or security keys, and biometrics factors include fingerprints, irises, or the user's face.

Vishwath Mohan, a security engineer at Google, wrote in a blog post:

Biometric authentication mechanisms are becoming increasingly popular, and it’s easy to see why. They’re faster than typing in a password, easier than carrying a separate security key, and they prevent the risks of knowledge-based authentication.

With Android P, Google hopes to provide a better model for measuring biometric security, restrict weaker authentication methods, and provide a common platform and entry point for developers to easily integrate the functionality.

Biometrics typically uses two metrics: the false acceptance rate (FAR) and the false rejection rate (FRR). While both metrics provide an indication of the accuracy and precision of machine learning, Google says they do not take active attackers into account or provide information about resilience against attacks. FAR focuses on security issues, measuring how often an illegitimate user is accidentally identified as the device owner, while FRR focuses on usability issues, measuring how often the legitimate device owner has to retry their authentication.

In Android 8.1, the company introduced the Spoof Acceptance Rate (SAR) and Impersonation Acceptance Rate (IAR) to measure how easy it is for an attack to bypass biometric authentication services. "Spoofing" refers to using a known good recording (such as replaying an audio recording or using a picture of a face or fingerprint), while "impersonation" means successfully mimicking another user's biometrics (such as trying to sound or look like the target user).

<<:  The real reason Apple and Google want you to spend less time on your phone

>>:  You can't hire programmers like this

Recommend

Top 10 skills mobile game developers must master

If you want to design a game that pleases your pe...

There is a lot to watch? Can Weijing grab a share of the smart TV industry?

Starting with traditional TV manufacturers such a...

How to make users addicted to your product? 5 steps!

"Information overload" is the current s...

How should operations use data?

How should operations use data? This question ste...

Traditional SIM cards: It’s time to say goodbye

Key Points The existence of SIM cards has partial...

Kaikeba Digital Business Analysis and Management Elite Class 01

Introduction to the resources of the 1st session ...

Hotel Marketing: How to do good marketing for a new hotel?

For newly opened hotels, how to carry out hotel m...