I am trying to write an app using flutter or android studio. The user will login to the app using his fingerprint.
I want to read the fingerprint and save it in a database like firebase. When the user enters his fingerprint, I want to be able to read it my database as a string in order to encrypt later for security purpose
Is it feasible to save the data of the fingerprint in firebase?
You need to use the biometric_storage package along with the local_auth package. biometric_storage will let you store it in firebase.
https://pub.dev/packages/biometric_storage
Related
I have an app, that on the first start generates a random user id and password to set up an account on my server and store them in the shared preferences.
I am looking for a way to write this data into the cloud so that if the user installs the app on a second device it will retrieve this account data and use them on the second device as well.
On iOS, this is a trivial task but I am still trying to figure out how to achieve this on Android. I tried an approach with Firestore, but it seems to be able to write to the Firebase database, the user has to log in with Firebase. I assumed being logged in to a Google Account on the device would do this, but I still get invalid permissions back when writing data.
I do not want to force the user to a separate login.
Any ideas on how to approach this task? Is it possible on Android at all?
I have an app, that on first start generates a random user ID and password to set up an account on my server and store them in the shared preferences.
If you have your own server where you authenticate the users, and you also want to authenticate to Firebase, then I recommend you check:
Custom Authentication System
I am looking for a way to write this data into the cloud so that if the user installs the app on a second device it will retrieve this account data and use them on the second device as well.
You just should never simply store the credentials in Firestore. Storing passwords in cleartext is one of the worst security risks you can inflict on your users. You should either use authentication with your custom system or use one of the existing providers, like Google, Facebook, etc.
I tried an approach with Firestore, but it seems to be able to write to the database, the user has to log in with Firebase.
It's recommended to authenticate the user in Firebase before reading/writing data from/to Firestore because you can secure your database using Firestore Security Rules.
P.S. Don't store data in ShartedPreferences because this type of data is stored locally and doesn't persist application uninstalls.
I have been trying to implement a login screen that takes a username and password.
Once the user has logged in once I want him to have the ability to login with the device owner's fingerprint.
I was wondering what would be the correct way of handling this login.
I could encrypt the username and password and save those to shared preferences and once a fingerprint that is authorized is entered I will insert the decrypted username and password (I am looking for a solution like ios keychain).
Should I go with this approach or there is a programmatic way to get the names and passwords.
I have already used a library which verifies if the fingerprint is recognized you can see it here:
https://proandroiddev.com/5-steps-to-implement-biometric-authentication-in-android-dbeb825aeee8
https://github.com/anitaa1990/Biometric-Auth-Sample
There are many way to create an authentication app. Using SharedPreference is also a way to create such apps. But, one limit of SharedPreference is it can only storage data in limited
memory space and data is offline (data is stored in local machine and can be lost if you uninstall app). There are many online library for online authentication, if you are learning or developing a small app then I recommend you to use Firebase Authentication. It can help you create user account, authenticate user by mail, phone number,...and also link to real time database, storage on cloud and many other services (if you need). Please refer following link to get more information about firebase!
https://firebase.google.com/docs/?authuser=0
I started to writing my first Android App.
I've tried to create a simple system which will allow user to get info, if he will authenticate with fingerprint.
I wrote fingerprint auth system to get confirmation if user is registered in the phone, but my question is: Is there any option to get "hash" of the fingerprint and store it for ex. in database to check if user should have access to the app?
I mean:
Database key: 123123123123ASDASDASDASD
Fingerprint key: 123123123123ASDASDASDASD
User has access to the app.
If read fingerprint key not equals stored in database, user doesn't have access to the app.
Is this even possile? - is there any other option to create system like above?
By DB, are you talking a local DB or a remote one? If remote- that's a horrible and insecure idea. You should never use a fingerprint to authorize someone on a remote device- all I need to do is get a copy of someone's fingerprint, pretend its mine, and send it as the hash to gain access. Fingerprint capture and authentication needs to be done on the same device.
If local its still a bad idea. All the functionality you need is built into the fingerprint and account APIs. Use them. Don't store people's private biodata in unsecured storage (a db is unsecured storage).
I am working on an android application connected with firebase.
As we know that the api key and database name as being stored in strings.xml in apl file so they can be easily extracted.
As I told one of my friend his email-id and password for testing purpose.
The issue is that he was able to see all the data in the firebase realtime database by using the restAPI.
I had used sha1 but since the firebase is responding to the other links.
Is there any other way in which the firebase will respond to the request generated by the android app and not any web or ios.
Credentials for accessing Firebase are not platform specific. Once you know the credentials of a user, you can access the platform as that user.
For this reason you should never share your credentials with someone else, but instead give them access to your project with their credentials.
The simplest way to fix your problem now is to change the password of your account. After doing that, the other user will lose access within an hour.
The configuration data that is added to your Android app through google-services.json is just configuration data. It is in no way meant as authentication for your app. For more on this see Is it safe to expose Firebase apiKey to the public? and How to prevent other access to my firebase.
I am building a smart lock, which can be controlled through an Android mobile application. I want to add a new user, this new user will have a name,email and a password. I want to store these details in a database at firebase, using the data from the database I want to login using email and password from android app, also I want to view the list of all the users registered from the android app, update their details, delete a user. I just know how to create authentication using email and password only, but I cannot view them or delete them or change its credentials from the android app.
Later I have same problem. You can use Firebase Database. To add it you must open tools tab in android studio and connect app to firebase by instruction. Then you just write code. Look at this
.
As I say create app with "same" functional and at this link you can see my firebase helper class you can see all code that you need.