Decoding Biometric Authentication for Android Apps
Contributor - 11 November 2020 -
In this blog, we will talk about biometric validation as a way to add an extra layer of security to our application while keeping the user experience smooth. Before jumping into the implementation, we will first look at why it is needed and how it gives users more security and a sense of privacy without compromising the application's user experience.
Traditionally, to safeguard confidential and sensitive information, most applications require the user to sign in. The user enters a username and password, the application sends the credentials to an auth server, and the server returns some kind of token that the application then uses to query the remote server for restricted data.
This is fine for a web interface, but on mobile we can improve the user experience a notch and add an extra layer of security at the same time. You may be wondering what exactly we are trying to solve here. Let's take some examples:
The Biometric Approach
All the flaws discussed above can be fixed by safeguarding the login credentials under another layer of authentication, i.e., biometric validation using the fingerprint sensor. This solves the problem of per-session authentication without the user having to enter their credentials every time: they just present their biometric, and a successful validation lets their saved credentials log them in automatically. Even for applications like social networking sites or email, the user's credentials are protected by the biometric, so an unauthorized person holding the device cannot trigger the auto-login.
This can also be used in an application with no login flow at all, such as a photo gallery. This way, users can safeguard their personal information behind another layer of security and get a higher level of privacy. In the next section, let's look at how to add biometric validation to an Android application.
Create a new project and choose the template of your choice.
Choose “Bottom Navigation Activity”, so that you get to see two sets of Biometric validation:
You can rename the classes created by this template; I renamed them as per my choice.
Open build.gradle (Module: app) and add the following library dependency within the dependencies block:
Open AndroidManifest.xml and add the following inside the manifest element:
<uses-permission android:name="android.permission.USE_BIOMETRIC" />
Sync the project by clicking "Sync Now".
Check the biometric support available on the device by calling:
The above method tells you the state of the device with respect to biometric validation:
BIOMETRIC_SUCCESS: biometric hardware is present and a biometric is enrolled, so we can use it for validation without any worry.
BIOMETRIC_ERROR_NONE_ENROLLED: the device has biometric hardware, but the user has not enrolled a biometric yet. We can let the user know that if they enable it and add their biometric details, they can use the app in a more secure way.
Setting Up Biometric Prompt
First, we need to create an executor instance so that the biometric prompt callbacks run on the main thread:
Executor executor = ContextCompat.getMainExecutor(getContext());
Build the PromptInfo for the authentication prompt view:
If you wish to allow the device credential (PIN, pattern or password) as a fallback, set DeviceCredentialAllowed on the PromptInfo builder.
To authenticate using the promptInfo, add the following line:
Now the final integration step before seeing it in action is to use the biometric availability result to decide the flow.
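The pieces above (availability check, PromptInfo, executor, authenticate call and callback) combined into one helper, as an added example that is not the post's own code; the class name, the `Listener` interface and the prompt strings are assumptions, and the androidx.biometric dependency added to build.gradle earlier is assumed to be on the classpath:

```java
import androidx.biometric.BiometricManager;
import androidx.biometric.BiometricPrompt;
import androidx.core.content.ContextCompat;
import androidx.fragment.app.FragmentActivity;
import java.util.concurrent.Executor;
// Hypothetical helper; class and method names are assumptions, not the post's code.
public final class BiometricGate {
    public interface Listener {
        void unlocked();                  // the only place saved credentials may be released
        void denied(CharSequence reason); // keep the data locked
    }
    // allowPin = true adds the device PIN/pattern/password fallback (Fig 2/3);
    // allowPin = false is biometric only with a cancel button (Fig 1). The library
    // rejects a PromptInfo that sets both, so exactly one of the two is configured.
    public static BiometricPrompt.PromptInfo buildPromptInfo(boolean allowPin) {
        BiometricPrompt.PromptInfo.Builder b = new BiometricPrompt.PromptInfo.Builder()
                .setTitle("Unlock")
                .setSubtitle("Confirm it is you to continue");
        if (allowPin) {
            b.setDeviceCredentialAllowed(true);
        } else {
            b.setNegativeButtonText("Cancel");
        }
        return b.build();
    }
    public static void authenticate(FragmentActivity activity, boolean allowPin,
                                    final Listener listener) {
        // Decide the flow up front from the availability check described above.
        int state = BiometricManager.from(activity).canAuthenticate();
        if (state != BiometricManager.BIOMETRIC_SUCCESS) {
            listener.denied(state == BiometricManager.BIOMETRIC_ERROR_NONE_ENROLLED
                    ? "No biometric enrolled yet" : "Biometric unavailable");
            return;
        }
        Executor executor = ContextCompat.getMainExecutor(activity);
        BiometricPrompt.AuthenticationCallback cb = new BiometricPrompt.AuthenticationCallback() {
            @Override public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult r) {
                listener.unlocked();
            }
            @Override public void onAuthenticationError(int code, CharSequence msg) {
                listener.denied(msg); // cancelled, locked out, timed out: stay locked
            }
            @Override public void onAuthenticationFailed() {
                // One non-matching attempt; the prompt stays open, nothing is released.
            }
        };
        new BiometricPrompt(activity, executor, cb).authenticate(buildPromptInfo(allowPin));
    }
}
```

Without binding the prompt to an Android Keystore key through a CryptoObject, this is a UI gate only, so the saved credentials it protects still need to be kept in protected storage rather than plain preferences.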
Fig 1- Biometric without PIN option
Fig 2- Biometric with PIN option
Fig 3- PIN screen of Biometric with PIN option
We went through a detailed explanation of how to use a biometric credential to hide or safeguard any set of information, and we saw it with the device PIN fallback as well. If biometric validation fails or is unavailable, the user can fall back to the device PIN to access that information.
For more details and an in-depth view, you can find the code here.