FB pixel

Biometrics pros school Google on Android PAD specs

Biometrics pros school Google on Android PAD specs
 

Google is taking criticism for its new biometric specifications for Android devices, which allow an error rate of up to 7 percent on spoof attacks for even those granted the top “strong security” or “Class 3” status.

The acceptable attack presentation classification error rate (APCER) should be closer to 1 percent for the protection against fake attempts to be considered strong, Computerworld reports.

The tech giant says that mobile device manufacturers must choose the tier of native biometric security to build into their devices, avoiding the question of why the top level of the specs would allow so many presentation attacks to succeed. The three tiers specified by Google are “convenience,” “weak” and “strong.” This means there is no distinction in the specification between those devices offering an APCER of 7 percent and a presentation attack detection error rate of 1 percent or lower.

Anonybit Co-founder and CEO Frances Zelazny called the allowable error rate “very very high” in a comment to Computerworld and noted it contrasts with the performance expectations of the biometrics industry.

Despite this impedance to transparency, Google told Computerworld that it “strongly recommends disclosing the biometric class of a biometric and the corresponding risk of enabling it to users for better transparency.”

FaceTec SVP of North America Jay Meier says the strong security spec is “laughably bad,” and that it “should qualify as fraudulent.” He points out the many users will implement passkeys using native device biometrics, which at the specified security level could “enable identity theft and cybercrime.”

Passkeys are usually implemented by enterprises looking to go passwordless with native biometrics, rather than third-party software, due to the cost of the latter approach, and the ease with which the former supports bring-your-own-device policies.

Between the weak standard for PAD performance on Android devices and the typical fallback to the PIN if authentication is unsuccessful, these enterprises may not be getting the security they expect from their use of passkeys.

Pixel 8 Pro’s payments pitch imperfect

Another potential security risk that comes with weak presentation attack detection is that a thief who steals a phone could spoof the real owner’s biometrics to steal their money. Google’s own flagship smartphone, the Pixel 8 Pro, has upgraded face biometrics that are secure enough to support mobile payments and banking.

Pixel 7 users could pay for purchases on their phone with biometric authentication, but had to authenticate themselves to complete the process even if they had unlocked the device using facial recognition, which is no longer the case, according to Android Authority.

Android Authority says the face unlock feature on the Pixel 8 Pro is faster, and credits the combination of new algorithms and the device’s Tensor G3 chipset. Sunglasses and low lighting still prevent biometric recognition, as the Pixel 8 Pro still uses conventional imaging, as opposed to Apple’s infrared scanning.

The Pixel 8 Pro also includes an optical under-display fingerprint sensor, which Wccf tech reports is supplied by Goodix.

No word on the APCER of the device’s PAD system.

Article Topics

 |   |   |   |   |   |   |   | 

Latest Biometrics News

 

City of Clemson pilots Intellicheck ID verification to prevent underage drinking

Identity verification provider Intellicheck and the city of Clemson have launched a 12 month pilot program that uses identity verification…

 

Rumors of liveness detection’s defeat have been greatly exaggerated

Photo and video face filters are perhaps the most mainstream use case for augmented reality –  and an illustrative test…

 

Companies House takes new measures to fraud fight, but not biometric IDV

Companies House, the UK’s business registry, has begun rolling out new tools to fight fraud and help cleanse the register…

 

Mitek: quarterlies, annuals, SEC actions

April 4, 2024 – Mitek is getting back on track with its financial reporting, which may be more reflective of the…

 

Jamaica parliament soon to receive draft digital ID regulation for scrutiny

Plans are being finalized to send the draft regulation on Jamaica’s digital ID program to the country’s parliament for examination…

 

US launches PKI system to make mobile driver’s licenses interoperable, easy to use

The Digital Trust Service being set up by the American Association of Motor Vehicle Administrators (AAMVA) to ease the use…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read From This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events