FB pixel

Google updates Android 6.0 requirements for fingerprint sensors


Google has updated its Compatibility Definition document for Android 6.0, which details a list of requirements smartphone and tablet manufacturers will need to follow in order to properly run its new Android 6.0 operating system, or Android Marshmallow, according to a report by Venture Beat.

In addition to manufacturers enabling full-disk encryption by default and not being able to modify Doze mode, Google’s Compatibility Definition details the exact requirements for implementing fingerprint sensors into a mobile device.

As previously reported, the new Nexus smartphones feature fingerprint sensors, which means that an increasing number of other Android devices are expected to follow suit.

Although several flagship devices already offer support fingerprint authentication, OEMs are expected to implement the feature, which can be used to unlock the device, authorize transactions in the Google Play store, sign into third-party apps, and check out with Android Pay.

Since Android 6.0 is currently unable to handle the fingerprint authentication capability, Google has detailed a lengthy list of requirements for implementing fingerprint sensors in Android devices.

Therefore, if a device implementation includes a fingerprint sensor and has a corresponding API for third-party developers, it must declare support for the android.hardware.fingerprint feature, fully implement the corresponding API as described in the Android SDK documentation, have a false acceptance rate no higher than 0.002%, rate limit attempts for at least 30 seconds after 5 false trials for fingerprint verification, and have a hardware-backed keystore implementation.

Additionally, the device must perform the fingerprint matching in a Trusted Execution Environment (TEE) or on a chip with a secure channel to the TEE, have all identifiable fingerprint data encrypted and cryptographically authenticated such that they cannot be acquired, read or altered outside of the TEE, prevent adding a fingerprint without first establishing a chain of trust by having the user confirm existing or add a new device credential (PIN/pattern/password) using the TEE, not enable third-party applications to distinguish between individual fingerprints, honor the DevicePolicyManager.KEYGUARD_DISABLE_FINGERPRINT flag, and when upgraded from a version earlier than Android 6.0, have the fingerprint data securely migrated to meet the above requirements or removed.

The document also notes two requirements that are strongly recommended, but not completely mandatory, including the device having a false rejection rate not higher than 10%, and a latency from when the fingerprint sensor is touched until the screen is unlocked below 1 second, for 1 enrolled finger; and using the Android fingerprint icon provided in the Android Open Source Project.

Device manufacturers will have to adhere to these requirements to ensure that their fingerprint sensors work with Marshmallow, along with any apps that use its APIs.

It is still unclear how these requirements will affect smartphones and tablets that upgrade to Android 6.0, however, users will likely have to re-scan their fingerprint in order for it to work.

Review the complete 74-page Compatibility Definition document.

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News


Michigan City Council orders comprehensive facial recognition policy for local police

In a move aimed at safeguarding civil liberties, the City Council of Ann Arbor in Michigan has taken a decisive…


Video deepfake fraud threat is real, helplessness is not: ID R&D webinar

Deepfakes have become a cause for common concern, with articles and viral posts warning of their power to deceive. Real-life…


Mobile driver’s licenses continue to pick up speed

Mobile driver’s licenses (mDLs) are among the final pieces of a fully-realized digital wallet ecosystem that would see us permanently…


Sumsub expands data sources to improve KYB

Sumsub has provided upgrades to its Business Verification platform aimed at tackling the common challenges that businesses encounter during the…


DHS reinterprets foreign worker fees to fund biometric border system

The U.S. Department of Homeland Security has proposed a way to fund its Biometric Entry-Exit program by changing the fee…


NIST adds flexibility, digital format to security requirements for federal contractors

The U.S. National Institute of Standards and Technology has updated its guidance for how businesses working with the federal government…


14 Replies to “Google updates Android 6.0 requirements for fingerprint sensors”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events