I have search lot on internet/stackoveflow how to add fingerprint from custom app but couldn't found any clue
In short Requirement - I am creating app that will allow user to enter into my app by scanning fingerprint.
I have check code that will scan finger on sensor and return fingerprint data already set by user (He/She set from setting) but in case if there are multiple finger set by multiple user than my app allow all the user to enter into my app which i don't want
What I want - Code that add fingerprint from my app and allow only that user not all the user to enter into my app
Now some question -
is it possible to do this?
is there any other way to archive this
is this secure way to do so because my application is banking
related
but in case if there are multiple finger set by multiple user than my app allow all the user to enter into my app which i don't want
You have no way of distinguishing between "multiple finger set by multiple user" and "multiple finger set by one user". Most people have more than one finger.
Code that add fingerprint from my app and allow only that user not all the user to enter into my app
You can require that the person holding the device scan their fingerprint and have that be authenticated against registered fingerprints. You have no way of knowing who the person is who scanned their fingerprint and their relationship with the owner of the device. It might be the owner, or it might not. That is up to the device owner, not you.
This is no different than most other forms of authentication. For example, if your app required a custom PIN, and the user shared that PIN with somebody else, that is the user's choice. It may be a stupid choice, or it may not (e.g., it is shared with a spouse).
Related
I am a newbie in android development
I am developing an android app that allow people using fingerprint to check-in. The idea is, for instance, a class need student check-in on time everyday. Student have to register their fingertip to identify with application.
I don't know whether android support my application? I just saw that fingerprint identify using registered user's finger.
Could you please help me some idea?
Thank you so much.
Android supports detecting more than one fingerprint.
Eg:Coolpad note 3 detects 5 different fingerprints and we can assign different actions to each fingerprint.
i.e one for unlock screen,one for camera.
Detecting and authentication of different fingerprint is based on how you code your application.So go forward.
You can find here the code for the implentation of Fingerprint authentication in an app
remember one thing that,here you can login in your app only using the fingerprint that you have used for the device's screen lock.
Android authorizes or verifies a user if the fingerprint was previously registered through Android settings. Meaning, you can't add new fingerprints through your app.
The KeyStore save all the keys and use the Keystore private key to sign transactions / data. Meaning, you cannot differentiate users through your app.
Im developing an android application for the first time (no prior experience whit coding....). Mainly the app is going to be used at work as a tool for service technicians. The app is almost ready for field testing, but there is one thing i need the app to do before that. I need the app to force the user to log in every time its opened. This is because some of the info on the app is confidential, and only people that currently works for the company is allowed to have this info. Whit firebase i can then block the users that leave the company, or users that are not verified. Currently the users sign in whit google and they stay signed in until they clear the app data or delete it.
I have looked far and wide for the answer to this, but i have only come across different use of timers.
If anyone has a better solution to this "safety" issue, im open to anything.
If you are using Google Sign-In for authentication, there is no out of the box support for forcing your user to authenticate with Google every time they use your app.
This makes sense, because the user is still authed with Google on your phone. A login system only authenticates the user; it doesn't inherently protect data stored on the device. As long as Google has a valid access token, the user won't have to type a username and password again (and simply clicking "login with Google" again doesn't really provide extra protection here).
If your primary concern is blocking access to users who have left the company, you should be covered if you are using Google Apps for your company. If you disable the user's account, their access tokens should become invalid. Google Apps admins can also manually revoke access to specific apps for specific users.
If you don't use Google Apps (e.g. your users are using #gmail.com accounts or accounts from a domain outside fo your control), you might want to consider implementing a list of users allowed to access the application, and verify the current user has access by checking that list via an API call on launch.
If the goal is really protecting the confidential information in the application, you might want to take an approach similar to Android Pay in which you require your user to set and enter a PIN number to access the application. As an added benefit, you can then use that PIN to encrypt any confidential data you are storing locally.
I will suggest you take a look into shared preferences and every time when the user is back into the app you send them to the login activity.
I'm implementing fingerprint authentication in an existing Android application making use of FingerprintManagerCompat. I used a tutorial as guidance that can be found here.
(android.support.v4.content.ContextCompat)
As FingerprintManagerCompat makes use of saved fingerprints on the mobile device, any fingerprint on the device can be used to login to the application.
Is it possible to see which one of the fingerprints on the device were used to unlock and if so is there a method to get all saved fingerprints that are available on the device?
I looked around for information on if this is possible and I cant seem to find anything. I have found that Samsung Pass SDK does have functionality to see what fingerprint is used but the product owner does not want the me to use Samsung's Pass SDK as his penetration testing team found that it is not very secure.
Is there a method to get all saved fingerprints that are available on the device?
No.
Is it possible to see which one of the fingerprints on the device were used to unlock
No.
However, there are some limitations to which fingerprints can be used to authenticate within your app. The result of a fingerprint authentication is that you make a cryptographic key available to perform some cryptographic operation (e.g. creating a digital signature). So when you add a user in your app you'd typically create a cryptographic key that you associate with that user. Then later on when the user wants to perform some action that requires him/her to be authenticated, you do the fingerprint authentication, which gives you access to the key, which use can use to do whatever it is that you need to do to verify that the user should be allowed to perform the action.
What happens when a new fingerprint is enrolled is that any existing cryptographic keys that require fingerprint authentication will be permanently invalidated.
That leaves us with the scenario where there are multiple enrolled fingerprint before the user is added in your app. I'm not aware of any way to do anything about this with the current APIs. So the best you can do might be to add some step in your fingerprint-enabling UI flow where the user is asked to verify that only they have enrolled a fingerprint on the device (e.g. by checking a checkbox or clicking a button).
I have added fingerprint recognition to gain access to my android app using the Google Sample found here http://developer.android.com/samples/FingerprintDialog/index.html. Everything works as expected but I am just thinking that if someone has the phone and adds a new fingerprint then they gain access to the app. How can I prevent this? Do I need to register the fingerprints within the app and then check against those?
You can't do this but hopefully no one would be able to add a fingerprint to the phone that should not be able to access your application.
If you want fingerprint authentication to unlock the app for convenience but also allows to enter a password or PIN, then your can add an option in the settings of the app to let the user choose if they want to Enable Unlock with Fingerprint's Registered on the Phone or simply always type their password. (Default set to password only)
I think this may not be the right question for this forum, but I could not think of where else to post it.
However, here goes. I am creating a dating app in android. One of the major hurdles I am facing is user authentication and verification.
Put simply, how do I ensure that a user is who he/she really says he is? How do I prevent, or reduce people creating fake profiles on the app? One way to do this would be to force the user to connect with his facebook account, but again, fake facebook profiles can be created.
Is there any other good method to ensure user verification?
The best way I can think of, although not fool proof, would be when the user creates an account it sends them an email where they need to click a link. Clicking the link can ask for some confirmation of something, such as their chosen username and or the first name and last name etc. If they fill in this information from the email, they're probably legit and you can mark the account as active within the database. If after x number of days delete any accounts that have not been verified.