I am currently working on a fingerprint application in Android. When I enter a fingerprint I want to link it to a SQL data and, when that person is logged in, show their information from my SQL database.
How can I connect this fingerprint with a database?
There is no method to get fingerprint id from the sensor. So your idea of storing fingerprints in database won't work.
Your fingerprint is secure and it is not share with Google.
For further details check the Android documentation for fingerprint
https://developer.android.com/about/versions/marshmallow/android-6.0.html
Related
I am trying to write an app using flutter or android studio. The user will login to the app using his fingerprint.
I want to read the fingerprint and save it in a database like firebase. When the user enters his fingerprint, I want to be able to read it my database as a string in order to encrypt later for security purpose
Is it feasible to save the data of the fingerprint in firebase?
You need to use the biometric_storage package along with the local_auth package. biometric_storage will let you store it in firebase.
https://pub.dev/packages/biometric_storage
I have been trying to implement a login screen that takes a username and password.
Once the user has logged in once I want him to have the ability to login with the device owner's fingerprint.
I was wondering what would be the correct way of handling this login.
I could encrypt the username and password and save those to shared preferences and once a fingerprint that is authorized is entered I will insert the decrypted username and password (I am looking for a solution like ios keychain).
Should I go with this approach or there is a programmatic way to get the names and passwords.
I have already used a library which verifies if the fingerprint is recognized you can see it here:
https://proandroiddev.com/5-steps-to-implement-biometric-authentication-in-android-dbeb825aeee8
https://github.com/anitaa1990/Biometric-Auth-Sample
There are many way to create an authentication app. Using SharedPreference is also a way to create such apps. But, one limit of SharedPreference is it can only storage data in limited
memory space and data is offline (data is stored in local machine and can be lost if you uninstall app). There are many online library for online authentication, if you are learning or developing a small app then I recommend you to use Firebase Authentication. It can help you create user account, authenticate user by mail, phone number,...and also link to real time database, storage on cloud and many other services (if you need). Please refer following link to get more information about firebase!
https://firebase.google.com/docs/?authuser=0
I started to writing my first Android App.
I've tried to create a simple system which will allow user to get info, if he will authenticate with fingerprint.
I wrote fingerprint auth system to get confirmation if user is registered in the phone, but my question is: Is there any option to get "hash" of the fingerprint and store it for ex. in database to check if user should have access to the app?
I mean:
Database key: 123123123123ASDASDASDASD
Fingerprint key: 123123123123ASDASDASDASD
User has access to the app.
If read fingerprint key not equals stored in database, user doesn't have access to the app.
Is this even possile? - is there any other option to create system like above?
By DB, are you talking a local DB or a remote one? If remote- that's a horrible and insecure idea. You should never use a fingerprint to authorize someone on a remote device- all I need to do is get a copy of someone's fingerprint, pretend its mine, and send it as the hash to gain access. Fingerprint capture and authentication needs to be done on the same device.
If local its still a bad idea. All the functionality you need is built into the fingerprint and account APIs. Use them. Don't store people's private biodata in unsecured storage (a db is unsecured storage).
I've been reading documentation that Android and IOS's fingerprint scanning API stores the user's encrypted fingerprint locally. Is it possible to build an application that captures the user's fingerprint, encrypt it like a password and store it in the cloud?
If this isn't possible, are there any suggested workarounds people have explored in the past?
Thanks.
No, you can't get this info out of the device. All you're able to do is validate whether the fingerprint provided by the user matches one that's enrolled in the device. It's basically binary. The finger is recognized or not.
Typically what you want to do is store some kind of generated token in Keychain or other secure storage; after the user locally authenticates with their fingerprint, you use that stored token to authenticate the user with your server.
According to this website, it says there is a hashed value for fingerprints. Is there a way to access this hashed value?
http://www.engadget.com/2013/09/22/iphone-5s-fingerprint-sensor-gets-completely-misunderstood/
What about Android?
Thanks for help in advance
Fingerprint data is encrypted and protected with a key available only
to the Secure Enclave. Fingerprint data is used only by the Secure
Enclave to verify that your fingerprint matches the enrolled
fingerprint data. The Secure Enclave is walled off from the rest of
the chip and the rest of iOS. Therefore, iOS and other apps never
access your fingerprint data, it's never stored on Apple servers, and
it's never backed up to iCloud or anywhere else. Only Touch ID uses
it, and it can't be used to match against other fingerprint databases.
https://support.apple.com/en-us/HT204587