FB pixel

Biometrics pros school Google on Android PAD specs

Biometrics pros school Google on Android PAD specs
 

Google is taking criticism for its new biometric specifications for Android devices, which allow an error rate of up to 7 percent on spoof attacks for even those granted the top “strong security” or “Class 3” status.

The acceptable attack presentation classification error rate (APCER) should be closer to 1 percent for the protection against fake attempts to be considered strong, Computerworld reports.

The tech giant says that mobile device manufacturers must choose the tier of native biometric security to build into their devices, avoiding the question of why the top level of the specs would allow so many presentation attacks to succeed. The three tiers specified by Google are “convenience,” “weak” and “strong.” This means there is no distinction in the specification between those devices offering an APCER of 7 percent and a presentation attack detection error rate of 1 percent or lower.

Anonybit Co-founder and CEO Frances Zelazny called the allowable error rate “very very high” in a comment to Computerworld and noted it contrasts with the performance expectations of the biometrics industry.

Despite this impedance to transparency, Google told Computerworld that it “strongly recommends disclosing the biometric class of a biometric and the corresponding risk of enabling it to users for better transparency.”

FaceTec SVP of North America Jay Meier says the strong security spec is “laughably bad,” and that it “should qualify as fraudulent.” He points out the many users will implement passkeys using native device biometrics, which at the specified security level could “enable identity theft and cybercrime.”

Passkeys are usually implemented by enterprises looking to go passwordless with native biometrics, rather than third-party software, due to the cost of the latter approach, and the ease with which the former supports bring-your-own-device policies.

Between the weak standard for PAD performance on Android devices and the typical fallback to the PIN if authentication is unsuccessful, these enterprises may not be getting the security they expect from their use of passkeys.

Pixel 8 Pro’s payments pitch imperfect

Another potential security risk that comes with weak presentation attack detection is that a thief who steals a phone could spoof the real owner’s biometrics to steal their money. Google’s own flagship smartphone, the Pixel 8 Pro, has upgraded face biometrics that are secure enough to support mobile payments and banking.

Pixel 7 users could pay for purchases on their phone with biometric authentication, but had to authenticate themselves to complete the process even if they had unlocked the device using facial recognition, which is no longer the case, according to Android Authority.

Android Authority says the face unlock feature on the Pixel 8 Pro is faster, and credits the combination of new algorithms and the device’s Tensor G3 chipset. Sunglasses and low lighting still prevent biometric recognition, as the Pixel 8 Pro still uses conventional imaging, as opposed to Apple’s infrared scanning.

The Pixel 8 Pro also includes an optical under-display fingerprint sensor, which Wccf tech reports is supplied by Goodix.

No word on the APCER of the device’s PAD system.

Article Topics

 |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Biometrics cycle from innovations to scale-up opportunities

Biometrics integrations range from the experimental to the everyday in the most-read articles of the week on Biometric Update. Yesterday’s…

 

US Justice developing AI use guidelines for law enforcement, civil rights

The US Department of Justice (DOJ) continues to advance draft guidelines for the use of AI and biometric tools like…

 

Airport authorities expand biometrics deployments with Thales, Idemia tech

Biometric deployments involving Thales, Idemia and Vision-Box, alongside agencies like the TSA,  highlight the aviation industry’s commitment to streamlining operations….

 

Age assurance laws for social media prove slippery

Age verification for social media remains a fluid issue across regions, as stakeholders argue their positions to courts and governments,…

 

ZeroBiometrics passes pioneering BixeLab biometric template protection test

ZeroBiometrics’ face biometrics software meets the specifications for template protection set out in the ISO/IEC 30136, according to a pioneering…

 

Apple patent filing aims for reuse of digital ID without sacrificing privacy

A patent filing from Apple for ensuring a presented reusable digital ID belongs to the person holding it via selfie…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events