Making biometric attendance system using cheap Android phone - android

I want a cheap biometric system using any (cheap) Android mobile in which whoever presses the thumb, my Android code should get an authenticated callback with some unique person code (this is optional though).
But the question is whether we can change the Android settings to allow storing 100-500 people's fingerprints. Usually mobiles only allow up to 5 fingerprints to be stored.

my android code should get authenticated callback with some unique person code
Android does not support this. You only find out whether the user authenticated or not.
whether we can change the Android setting to allow storing of 100-500 people's finger prints?
Android does not support this.

Related

Android rooted phone create app which scans and saves user's finger print in database

Well this is a question which many of them have asked. But it seems that there is no way we can read finger print scan and save it to our local database (as the answers in those questions suggest here: https://stackoverflow.com/a/36022446/5675550 , https://stackoverflow.com/a/38179087/5675550).
I have made a sample app which scans the user's fingerprint and authenticates users by using Android's native FingerprintManager.
I still want to know whether it is possible to read a fingerprint, save it to the app's database, and maintain multiple user authentication. For example, if User1 taps his fingerprint, the app should identify him as User1, and if User2 does the same, the app should identify him as User2.
It's possible with external fingerprint readers with a specific SDK, for instance:
https://www.crossmatch.com/biometric-identity-solutions/products/hardware/single-finger-modules/
https://www.morpho.com/fr/terminaux-biometriques/capteurs-de-bureau/capteurs-dempreinte-usb/morphosmart-serie-300
Or with specific Android devices with a specific SDK, for instance:
http://logic-instrument.com/fr/fieldbook-m-series.php
https://www.coppernic.fr/pda/c-one-e-id/
It's not possible on consumer market devices.

How do you make it so you can sign in with phone number for app?

I am making an app and I want to know the overall gist of how to make it so you can sign in with your phone number. For example, in the app Down to Lunch (an app to invite your friends to get food), once you download it, the first thing you do is sign in with your phone number. From then on, your number is how you are identified in the app. What I want to know is: once you submit that number, is it added to a table in a database? Then, when a new user registers, must that number be checked against every number in that table to make sure it is different? If so, wouldn't that take long for a large user base (like a social network), or is that just what databases are capable of doing? (More specifically Amazon Web Services, because I would use their relational database service, I'm guessing.)
You can use a library called DIGITS, which is available on Fabric.
Digits lets people create an account or sign into your app using nothing but their phone number on iOS and Android. Built using the same global, reliable infrastructure Twitter uses, Digits will verify the user’s phone number with a simple customizable user interface that easily integrates into your app.
Refer to the links below:
DIGITS - Sign in with Phone Number
How to configure to app
Technical answer
Facebook, Twitter and Truecaller provide free SDKs which you can include in your app to provide phone-number-based login. What these SDKs do is authenticate an entered phone number (via OTP verification) and nothing more. Hence you can have a phone number OTP verification gateway as soon as the user starts your app. Using any one of these SDKs, you can know whether the phone number verification happened successfully or not. From here on, you have control of the application. You will be handling the user base. You will keep track of user profiles, friends, redundancy checks (returning user check), etc.
Business answer
For developing something humongous like a social network, you would want to segregate user ids from the start. You would also want to study more on computer science subjects like Data Structure. Obviously, you can never develop a perfect application. Even if you try doing so upfront, there's a greater chance that new technologies have come up and your perfect solution isn't perfect anymore -- within 2 months. Hence, implement a feasible solution first, which is a perfect tradeoff between perfection and time remaining for your case and your predictive growth.
Important links
Phone number OTP verification services:
Twitter Fabric Digits: https://get.digits.com/
Facebook's OTP verification: https://developers.facebook.com/docs/accountkit
Truecaller: https://www.truecaller.com/developer

Why Use TOTP/HOTP instead of just using math.random()?

I'm trying to add OTP functionality for sign in, in my Android app. I'm using node.js for the backend. Now, first I thought about generating random numbers with something like math.random().
I can easily generate OTPs on my server side, store them in my MongoDB datastore, and then match them when the user enters the OTP, but now I came across prebuilt modules for OTP such as Speakeasy: https://www.npmjs.com/package/speakeasy.
There are two types of methods, HOTP and TOTP. I am asking why anyone would use these two and not just use random numbers. I mean, what is the use of HOTP/TOTP? If anybody has designed OTP functionality in any app/website, please enlighten me.
UPDATE
What is the general way of doing OTP authentication on any Android device from the server? I mean, how do apps like Zomato and Airbnb do OTP verification of the user?
These OTPs prove "I am in possession of this device that generates OTPs."
In the broadest sense, it could be a statement involving a device that doesn't even have Internet access. HOTP and TOTP are algorithms that you can use offline. Both the device and the server generate the code independently:
code = f(shared secret, common info)
That shared secret only has to be set up once, e.g. by being baked into a hardware dongle or scanned in a QR code when you set up two-factor authentication. The common info is something that both the server and the dongle can determine each time you log in, e.g. the number of times you've logged in before or the current time and date.
Using an actual random number would require your service to deliver that random number to the device. Which if you're developing for an audience that has smartphones, isn't too wild of an idea. Google's two-factor authentication, for example, supports sending a notification to your phone and you just click a button to allow the login.
One more thing, a practical consideration: using an existing scheme like TOTP makes it easier for anyone trying to reason about how secure the system is. If they already understand TOTP, they can move on to examining other parts of the system you're building.

Utilizing Pin/Password already built into android

Is it possible to use the built in PIN/Password/Pattern in android for Android applications?
For instance, if a pin were set on the phone...it could be used to unlock an application. Otherwise, the user would have to set a pin for the application and/or phone.
I don't believe so and I hope they don't add one.
There are trusted path issues with allowing apps to request entry of the user's PIN.
The phone needs to make sure that apps don't keylog and exfiltrate PINs or administrative passwords, so users need to be trained to only enter their PIN/password into a user interface that sends events only to the OS. This is similar to the way that the Windows login is only displayed after Ctrl-Alt-DEL, a key sequence that is guaranteed to remove window focus and so stop the flow of key events to user-ring code.
Even providing an API that allows applications to request that the user confirm their administrative secrets weakens security by training users to enter important secrets in a variety of situations instead of only after Ctrl-Alt-DEL or another OS-trapped sequence.
You could definitely make your own, but I don't think you can utilize the one from the OS.

Mobile device ID connecting to user to log in to system

I am currently building a system for mobile phones. The system requires some sort of login sequence, and at the moment I am just using an MD5 generated API which is connected to the user in the database, but this is using sessions and so on and has so far proven to not be as good as I had hoped. So now I am trying to build a new login where the user enters the API once and the system detects some sort of ID from the phone, like the SID or MIN or something like that. I have no idea whether this is possible or not. So to recap:
Is what I have described possible?
What is the most reliable ID that I could fetch from the mobile device?
How would I go about fetching this ID?
