Hence, it is crucial for developers to focus on app security as carefully as on user productivity. One of the most secure ways to strengthen app security and safeguard user data is biometric authentication, such as facial or fingerprint recognition.
Biometric authentication allows users to unlock their mobile devices using fingerprint or facial recognition. This helps in ensuring that the right person is accessing the mobile device.
Now, let’s explore biometric authentication in Android using an API (application programming interface).
AndroidX Biometric API is a comprehensive solution for handling biometric authentication in Android applications. This API authenticates users with the help of biometrics and device credentials, while performing cryptographic operations. This API can be integrated easily into any Android project by adding it as a dependency.
Here’s how it can be done in the build.gradle file of your app module:
Since the AndroidX Biometric API is relatively new and not all devices possess biometric capabilities, it becomes necessary to check if a particular device is capable. The following extension function can be used to check biometric authentication capabilities:
In the scenario above, we created a BiometricManager from the provided context and used its canAuthenticate() method to determine whether the hardware has biometric authentication capabilities.
In some cases, devices may possess the requisite hardware for biometric authentication, but this BiometricPrompt can only be employed if users have registered their biometric information in their devices’ security settings.
Moving on, when canAuthenticate() is called, it returns one of the following results:
Once you have completed the authentication process, you can check the authentication type by calling getAuthenticationType() to see whether the user authenticated with a device credential or a biometric credential.
In this case, the getAuthenticationType() will provide the following results:
Once we have determined that the user's device can authenticate with biometrics, we can display a default system prompt requesting the user to authenticate using biometric credentials. This system-generated prompt is consistent across the apps that use it, thus creating a seamless user experience.
Here’s how you can show the login prompt:
The PromptInfo is built using a builder class, BiometricPrompt.PromptInfo.Builder, which populates it with the title, subtitle, and description.
Now, you can initialize the BiometricPrompt and handle the callbacks with a custom listener from the calling activity.
What does the above code snippet achieve? It creates an executor to handle callback events and a callback object that receives the authentication events for Error, Failed, or Success. It then passes the results and error messages on to the custom listener methods. Finally, it returns a biometric prompt built from the activity instance, executor, and callback reference.
You might now be wondering how to display the biometric prompt. Here's how it's done:
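The whole flow described above (capability check, PromptInfo, callback handling and showing the prompt), as an added Kotlin example that is not the original article's code. It assumes the androidx.biometric:biometric dependency at version 1.1.0 or later; the `BiometricAuthListener` interface, the function names and the prompt strings are hypothetical.

```kotlin
import android.content.Context
import androidx.biometric.BiometricManager
import androidx.biometric.BiometricManager.Authenticators.BIOMETRIC_STRONG
import androidx.biometric.BiometricPrompt
import androidx.core.content.ContextCompat
import androidx.fragment.app.FragmentActivity

// Hypothetical listener for this example; not part of the AndroidX API.
interface BiometricAuthListener {
    fun onSuccess(authenticationType: Int)
    fun onError(errorCode: Int, message: CharSequence)
    fun onUnavailable(status: Int)
}

// BIOMETRIC_SUCCESS only when hardware exists AND a strong biometric is enrolled.
fun Context.biometricStatus(): Int =
    BiometricManager.from(this).canAuthenticate(BIOMETRIC_STRONG)

fun FragmentActivity.showBiometricPrompt(listener: BiometricAuthListener) {
    val status = biometricStatus()
    if (status != BiometricManager.BIOMETRIC_SUCCESS) {
        // e.g. BIOMETRIC_ERROR_NO_HARDWARE or BIOMETRIC_ERROR_NONE_ENROLLED
        listener.onUnavailable(status)
        return
    }
    val promptInfo = BiometricPrompt.PromptInfo.Builder()
        .setTitle("Sign in")                       // constructed sample strings
        .setSubtitle("Confirm your identity")
        .setDescription("Use your fingerprint or face to continue")
        .setAllowedAuthenticators(BIOMETRIC_STRONG)
        // Required because DEVICE_CREDENTIAL is not an allowed authenticator here.
        .setNegativeButtonText("Cancel")
        .build()

    val callback = object : BiometricPrompt.AuthenticationCallback() {
        override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
            // AUTHENTICATION_RESULT_TYPE_BIOMETRIC or _DEVICE_CREDENTIAL
            listener.onSuccess(result.authenticationType)
        }
        override fun onAuthenticationError(errorCode: Int, errString: CharSequence) {
            // Terminal: the prompt is dismissed (user cancel, lockout, and so on).
            listener.onError(errorCode, errString)
        }
        override fun onAuthenticationFailed() {
            // One rejected attempt; the prompt stays open, so this is not final.
        }
    }
    BiometricPrompt(this, ContextCompat.getMainExecutor(this), callback)
        .authenticate(promptInfo)
}
```

Restricting the allowed authenticators to `BIOMETRIC_STRONG` keeps weaker biometric classes from satisfying the prompt, and only `onAuthenticationSucceeded` should unlock anything in the app.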
And that is how you can build a biometric passwordless solution using BiometricPrompt. Now, isn't that awesome?
You can also further boost app security and protect sensitive data (and yes, we thought it best to surprise you with this 😆). So, now, coming to the question on your mind: how do you boost app security even after biometric authentication? Well, the answer is adding cryptography to the biometric authentication workflow. But good things take time, so keep a lookout for the sequel to biometric authentication in Android!