How to identify user based on finger print in Android M release? - android

Can we use the FingerprintManager in Android M (API 22) to identify (along with authorize) the user?
For example, there are two finger prints registered in the device, one for user A and one for user B. Does the API provide support to detect which user, A or B, just logged in?

No. In fact, the Android Compatibility Definition for Android 6.0 states in the Fingerprint section (7.3.10):
MUST NOT enable 3rd-party applications to distinguish between individual fingerprints.
Therefore while you could write an app that uses the fingerprint as a mechanism to authenticate the user, any registered fingerprint associated with the current user account could be used.
The Android fingerprint method does not provide a fingerprint name or any unique identity. It treats each registered fingerprint equally and only authenticates (valid user or invalid user, that's it).
Storage
The fingerprints are tied to the device (from the Nexus FAQ):
Your fingerprint data is stored securely and never leaves your device. Your data is not shared with Google or any apps on your device.
Therefore there is no way for an app to access the fingerprint data to be able to save it or use across the devices.
Suggestion :
To distinguish multiple users or devices, you should use an external fingerprint scanner. There are some external fingerprint scanners compatible with the Android platform that come with an SDK for Android. These SDKs allow you to enroll and verify multiple users.

Related

Fingerprint authentication of multiple users

I am a beginner in Android development. I want to create an application having fingerprint authentication. I want to register multiple users' (50) fingerprints using the fingerprint sensor of the phone. Also, I want to authenticate them when a user logs in. Can anyone help us?
FingerprintManager only has these 3 features:
authenticate : for authenticating user
hasEnrolledFingerprints : Determine if there is at least one fingerprint enrolled.
isHardwareDetected : Determine if fingerprint hardware is present and functional.
You can check the FingerprintManager docs here:
https://developer.android.com/reference/android/hardware/fingerprint/FingerprintManager.html
As per Nexus FAQs
Your fingerprint data is stored securely and never leaves your Pixel
or Nexus phone. Your fingerprint data isn't shared with Google or any
apps on your device. Apps are notified only whether your fingerprint
was verified.
which explains very well that you can use fingerprints for verification purposes only. It's just an alternative to any app lock available in the marketplace.

Access Control via built-in fingerprint sensor on Android

I understand how to authenticate users via Fingerprint Authentication using Android SDK. But it only tells if the fingerprint matches one of the enrolled fingerprints or not - i.e. a boolean.
I want to make it so that it gives me the fingerprint image as well, so I can extract the information against that fingerprint, i.e. userId, name, etc stored in the database.
For example:
I have 3 users: Admin, Teacher, Student.
I should be able to use the built-in fingerprint reader to be able to determine if the user is identified as an Admin, Teacher or Student, and give the app access rights accordingly.
The app will be deployed to only ONE device that is accessible to all users, so the application should be responsible to control the limit of number of fingerprints that can be registered.
Is it possible with the built-in fingerprint reader of the device?
I want to make it so that it gives me the fingerprint image as well
That is not supported by Android's fingerprint APIs, for privacy reasons.
I should be able to use the built-in fingerprint reader to be able to determine if the user is identified as an Admin, Teacher or Student, and give the app access rights accordingly.
Each of those individuals should have a separate device account. Then each of them has a separate copy of your app, in effect. So long as each of those accounts get configured in your app with the proper role, the identification process is handled for you by the OS.

Limit Android to use one single fingerprint for authentication

I'm implementing fingerprint authentication in an existing Android application making use of FingerprintManagerCompat. I used a tutorial as guidance that can be found here.
(android.support.v4.content.ContextCompat)
As FingerprintManagerCompat makes use of saved fingerprints on the mobile device, any fingerprint on the device can be used to login to the application.
Is it possible to see which one of the fingerprints on the device were used to unlock and if so is there a method to get all saved fingerprints that are available on the device?
I looked around for information on whether this is possible and I can't seem to find anything. I have found that Samsung Pass SDK does have functionality to see what fingerprint is used, but the product owner does not want me to use Samsung's Pass SDK as his penetration testing team found that it is not very secure.
Is there a method to get all saved fingerprints that are available on the device?
No.
Is it possible to see which one of the fingerprints on the device were used to unlock
No.
However, there are some limitations to which fingerprints can be used to authenticate within your app. The result of a fingerprint authentication is that you make a cryptographic key available to perform some cryptographic operation (e.g. creating a digital signature). So when you add a user in your app you'd typically create a cryptographic key that you associate with that user. Then later on when the user wants to perform some action that requires him/her to be authenticated, you do the fingerprint authentication, which gives you access to the key, which you can use to do whatever it is that you need to do to verify that the user should be allowed to perform the action.
What happens when a new fingerprint is enrolled is that any existing cryptographic keys that require fingerprint authentication will be permanently invalidated.
That leaves us with the scenario where there are multiple enrolled fingerprints before the user is added in your app. I'm not aware of any way to do anything about this with the current APIs. So the best you can do might be to add some step in your fingerprint-enabling UI flow where the user is asked to verify that only they have enrolled a fingerprint on the device (e.g. by checking a checkbox or clicking a button).

Fingerprint API for android phone

I am new to fingerprint authentication in smartphones. As we know Samsung S5 currently supports fingerprint scanner. Is it possible to develop a custom application that can use the scanner to authenticate a user? I just need to know the identity of the user and if he has been authenticated correctly. My app can then take it from there and integrate with backend.
Google has now announced a generic fingerprint API for Android that can be utilised by any custom apps for authorisation and not just the native Google apps. It looks like the future is just getting brighter!
Taken from the Android Developers page linked below:
"To authenticate users via fingerprint scan, get an instance of the new FingerprintManager class and call the authenticate() method."
However you must also include this permission:
<uses-permission android:name="android.permission.USE_FINGERPRINT" />
If you want to find out more information then visit this URL and scroll down to Authentication:
https://developer.android.com/about/versions/marshmallow/android-6.0.html#fingerprint-authentication
Samsung provides the Pass API to register, request and validate fingerprints. It's in here: SAMSUNG FINGER PRINT API. There is a sample program too.
Fingerprint API preview for Android M is found here with Sample App. As of this writing, the Android Compatibility Definition for Android M hasn't been published. So, if the fingerprint sensor, the key hardware component of the fingerprint framework, is left as a "SHOULD" requirement (most likely to be true), then OEMs decide whether to incorporate the sensor or not. But, since Android Pay is strongly tied to the fingerprint framework, this may drive OEMs to include the fingerprint sensor.
I found this in the Google samples, which demonstrates how you can use registered fingerprints in your app to authenticate the user before proceeding with some actions such as purchasing an item.
First you need to create a symmetric key in the Android Key Store using KeyGenerator, which can only be used after the user has authenticated with a fingerprint, and pass a KeyGenParameterSpec.
By setting KeyGenParameterSpec.Builder.setUserAuthenticationRequired
to true, you can permit the use of the key only after the user
authenticate it including when authenticated with the user's
fingerprint.
Then start listening to a fingerprint on the fingerprint sensor by
calling FingerprintManager.authenticate with a Cipher initialized with
the symmetric key created. Or alternatively you can fall back to
server-side verified password as an authenticator.
Once the fingerprint (or password) is verified, the
FingerprintManager.AuthenticationCallback#onAuthenticationSucceeded()
callback is called.
It requires SDK V23. AFAIK it's not useful for the Samsung S5 but it might help others to use this feature.
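
The key-gated flow described in this answer, together with the key invalidation on new enrollment described in the "Limit Android to use one single fingerprint" answer above, as an added Java example that is not from the original posts or from Google's sample. The class name `FingerprintGate` and the alias `app_user_key` are hypothetical; it assumes API 23+ and the USE_FINGERPRINT permission.

```java
import android.hardware.fingerprint.FingerprintManager;
import android.os.CancellationSignal;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.KeyProperties;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// Added example; class name and alias are hypothetical.
// Note: FingerprintManager was deprecated in API 28 in favour of BiometricPrompt.
public class FingerprintGate {
    private static final String ALIAS = "app_user_key"; // hypothetical alias

    // Create an AES key that the Keystore only lets us use after fingerprint auth.
    static void createKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
        kg.init(new KeyGenParameterSpec.Builder(ALIAS,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
                .setUserAuthenticationRequired(true)
                .build());
        kg.generateKey();
    }

    // Returns false when the key is missing or was permanently invalidated
    // (for example, a new fingerprint was enrolled). The caller should then
    // re-verify the user another way (e.g. password) before createKey() again.
    static boolean startAuth(FingerprintManager fm, CancellationSignal cancel,
            FingerprintManager.AuthenticationCallback cb) throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        SecretKey key = (SecretKey) ks.getKey(ALIAS, null);
        if (key == null) return false;
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
        try {
            cipher.init(Cipher.ENCRYPT_MODE, key);
        } catch (KeyPermanentlyInvalidatedException e) {
            ks.deleteEntry(ALIAS); // stale key: never silently trust the new enrollment
            return false;
        }
        // The cipher becomes usable only if a fingerprint match unlocks the key.
        fm.authenticate(new FingerprintManager.CryptoObject(cipher), cancel, 0, cb, null);
        return true;
    }
}
```

In `onAuthenticationSucceeded`, take the cipher from `result.getCryptoObject().getCipher()` and call `doFinal` on it, so that success is proven by a completed cryptographic operation rather than by the callback alone.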

Using Android's Fingerprint Scanner for Application

I need to create an application that scans fingerprints and authenticates them. I can't find anything about fingerprint permissions on the Android website.
Is it possible to use a phone's fingerprint scanner for a regular application? If so, what is the limit on the number of fingerprints it can store (I'd prefer to store them on the phone itself)
Thanks
Fingerprint scanner is not a feature in Android (Now available on Android M).
So each company, such as Samsung, Motorola or HTC, creates its own API and SDK to access the fingerprint sensor.
For instance, Samsung provides an SDK: http://developer.samsung.com/galaxy#pass
Pass SDK allows you to use fingerprint recognition features in your
application. With Pass SDK, you can provide reinforced security, since
you can identify whether the current user actually is the authentic
owner of the device.
If you want to enroll multiple users and check users in your app, it's not possible with a Samsung device. You could only check the owner of the device.
I don't know the SDKs of other companies.
UPDATE
Android M has a new Fingerprint API:
https://developer.android.com/about/versions/marshmallow/android-6.0.html#fingerprint-authentication
The Android M preview introduces a fingerprint scanner API.
You can check out an example for this here:
https://github.com/googlesamples/android-FingerprintDialog/
I needed similar functionality and my solution was to use an external scanner instead of a device with an integrated fingerprint scanner. There are several companies which offer integration with mobile phones through SDKs. You should research the following companies on Google:
Nitgen: http://www.nitgen.com/eng/product/Hamster3.html#a2
Secugen: http://www.secugen.com/products/sdk_pro.htm#android
Tactivo: http://precisebiometrics.com/smart-card-reader/android/
In my case I used Secugen, but feel free to use the suitable device for your solution. Notice that this solution could make your project cheaper because you don't need to use an expensive mobile phone; the only feature that the phone needs is USB OTG (On-The-Go).
I know this solution is a bit different from what you were asking for, but I believe that it could be interesting for you too.
You can opt to use an external Fingerprint Scanner and be able to Enrol Biometric Fingerprints from Persons you are Registering then proceed to save the Biometric Fingerprint Data and Person's particulars in your Android Phone. In my case I used a DigitalPersona type 4500 Fingerprint Scanner and used the Crossmatch API for Fingerprint Capture.
This is actually the easiest and most feasible way for you if you want to succeed at Capturing Biometric Fingerprint Data and Saving it in your Android Phone from more than one Individual. In fact, what can limit you from enrolling more Biometric Data from various Enrollees will be the memory size constraints of your Android Mobile Phone / Device. This you can however easily circumvent by integrating your Android Biometric Authentication App with an external RDBMS Centralized Database of your Organisation like MSSQL, Oracle, MySQL, PostgreSQL etc.
If it pleases you, you can choose to use the Source AFIS API to implement it with much ease. For motivation you can check out this project's web page here at [Android Biometric Authentication using External USB Fingerprint Scanner][2] that I developed [here][2].
See screenshots I have attached below for Fingerprint Authentication when the result is a MATCH FOUND and when the result is MATCH NOT FOUND. I have also included a screenshot for when FINGERPRINT ENROLLED.
I designed the User Interface ( GUI) that is reusable on Android Mobile Phone screens of various screen sizes for both Fingerprint Enrollment and Fingerprint Authentication. You can design your own interface anyway but in my case I wanted to be able to display the Person's Fingerprint during Authentication and I added an Activity for swapping Fingerprint Images on display after Finger Touch event is fired if Person places Finger on Fingerprint Scanner.
Happy coding.
[2]: https://jomutech.com/androidexternalfingerprintscanner/
The simple answer is NO.
But you can integrate it by implementing Google's fingerprint recognition introduced in Android M, which only supports 5 attempts at a time. If all the attempts fail, your device's fingerprint reader will be blocked for 30 seconds; after that duration you can authenticate with the fingerprint again.
For example, you are using 2 apps (A & B) with fingerprint support. You enter 3 incorrect fingerprints and then you close app A, then you open app B. There are 5 attempts in total available within 30 seconds, so your app can only authenticate 2 times because app A took 3 attempts; hence after 2 unauthorized attempts the OS blocks the reader for all apps.
So wait for 30 seconds, or ask the user to enter a PIN or passcode accordingly if the user doesn't want to wait for that amount of time.
Hope this helps.
