Google leans into biometric authentication, removes bypasses

Google will soon eliminate the option to use knowledge-based screen unlocking credentials in specific situations, requiring mandatory biometric authentication. This change is similar to Apple’s stolen device protection, which makes it challenging for thieves to bypass biometric security after stealing a device.

Currently, Android devices primarily rely on the lock screen PIN, password, or pattern as the initial defense against unauthorized access to apps and data. Although some Android applications utilize biometrics, they currently allow users to revert to using lock screen credentials.

The Android 15 QPR1 Beta 2 release includes the new string “mandatory biometrics prompt description,” which indicates the introduction of a new feature for biometric verification.

Android Authority reports that the Identity Check feature will prompt biometric authentication in situations involving sensitive actions, such as changing the USB mode and adjusting screen timeout.

As part of this implementation, when a user initiates certain actions, such as modifying system settings, the device will trigger a biometric prompt.

The Identity Check feature will start with tracking the phone’s location and determine when it is outside of trusted places. When the phone is outside the zone, the biometric prompt dialog invoked by apps will no longer allow the fallback to Lock Screen Knowledge Factor (LSKF).

The security feature is especially important as a defense against physical theft.

Article Topics

Android  |  biometric authentication  |  biometrics  |  Google  |  Google Identity Check  |  smartphones