FB pixel

Android P to require 7 percent FAR standard for authentication with BiometricPrompt API

| Chris Burt
Categories Biometric R&D  |  Biometrics News  |  Consumer Electronics
 

Android P’s BiometricPrompt API will use a 7 percent combined spoof accept rate (SAR) and imposter accept rate (IAR) as a standard to differentiate weak and strong smartphone biometrics, and will not support weak biometrics, according to a post to the Android Developers blog. The 7 percent standard enables Android to use a scalable mechanism with a tiered authentication model.

Any weak biometric on an Android device will also have to show a warning explaining its risks, and will not be able to authenticate payments or other transactions involving a KeyStore auth-bound-key, Android Security Engineer Vishwath Mohan explained in the post. Weak biometrics can be used for device unlocking on devices running Android P, but after 4 hours of inactivity users will have to use another unlocking method, such as a PIN, password, pattern, or a strong biometric. The additional requirements after a 72-hour period of inactivity will also apply to both strong and weak biometrics.

The BiometricPrompt API capabilities can also be integrated with devices running Android O and earlier versions through compatibility tools provided in a support library.

Because BiometricPrompt only supports strong authentication, developers integrating it into their apps are assured of a consistent level of security regardless of the device or biometric modality used, according to the post.

“Biometrics have the potential to both simplify and strengthen how we authenticate our digital identity, but only if they are designed securely, measured accurately, and implemented in a privacy-preserving manner,” Mohan writes. “We want Android to get it right across all three. So we’re combining secure design principles, a more attacker-aware measurement methodology, and a common, easy to use biometrics API that allows developers to integrate authentication in a simple, consistent, and safe manner.”

The Developer Preview of Android P shows native support for face, iris, and in-display fingerprint biometrics, using a blanket USE_BIOMETRIC permission.

Article Topics

 |   |   |   | 

Latest Biometrics News

 

Biometric Update Podcast explores identification at scale using browser fingerprinting

“Browser fingerprinting is this idea that modern browsers are so complex.” So says Valentin Vasilyev, Chief Technology Officer of Fingerprint,…

 

Passkeys now pervasive but passwords persist in enterprise authentication

Passkeys are here; now about those passwords. Specifically, passkeys are now prevalent in the enterprise, the FIDO Alliance says, with…

 

Pornhub returns to UK, but only for iOS users who verify age with Apple

In the UK, “wanker” is not typically a term of endearment. However, the case may be different for Pornhub, which…

 

Europol operated ‘shadow’ IT systems without data safeguards: Report

Europol has operated secret data analysis platforms containing large amounts of personal information, such as identity documents, without the security…

 

EU pushes AI Act deadlines for high-risk systems, including biometrics

The EU has reached a provisional agreement on changes to the AI Act that postpone rules on high-risk AI systems,…

 

Meta challenges UK Online Safety Act fines tied to global revenue

Lo and behold: Meta does not want to pay the fines UK regulator Ofcom says are owed to it for…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Continue Reading

Biometric Market Analysis and Buyer's Guides

Most Viewed This Week

Featured Company

Learn More

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events