I need to create an application that scans fingerprints and authenticates them. I can't find anything about fingerprint permissions on the Android website.
Is it possible to use a phone's fingerprint scanner for a regular application? If so, what is the limit on the number of fingerprints it can store (I'd prefer to store them on the phone itself)
Thanks
Fingerprint scanner is not a feature in Android (Now available on Android M).
So each company as Samsung, Motorola, HTC create is own API and SDK to access to fingerprint sensor.
For instance Samsung provide a SDK http://developer.samsung.com/galaxy#pass
Pass SDK allows you to use fingerprint recognition features in your
application. With Pass SDK, you can provide reinforced security, since
you can identify whether the current user actually is the authentic
owner of the device.
If you want to enroll multiple users and check users in your app, it's not possible with Samsung device. You could only check owner of device.
I don't know SDK of other companies.
UPDATE
Android M have new FingerPrint API:
https://developer.android.com/about/versions/marshmallow/android-6.0.html#fingerprint-authentication
Android M preview introducing FingerPrint scanner API.
You can checkout example for this here :
https://github.com/googlesamples/android-FingerprintDialog/
I needed a similar functionality and my solution was to use an external scanner instead of use a device with integrated fingerprint scanner. There are several companies which offer integration with mobile phones through SDKs. You should research through out the next companies on google:
Nitgen: http://www.nitgen.com/eng/product/Hamster3.html#a2
Secugen: http://www.secugen.com/products/sdk_pro.htm#android
Tactivo: http://precisebiometrics.com/smart-card-reader/android/
In my case I used Secugen, but feel free to use the suitable device for your solution. Notice that this solution could make your project cheaper because you don't need to use an expensive mobile phone, the only feature that the phone needs it's having a USB OTG (On-The-Go).
I know this solution it's a bit different from what your were asking for but I believe that it could be interesting for you too.
You can opt to use an external Fingerprint Scanner and be able to Enrol Biometric Fingerprints from Persons you are Registering then proceed to save the Biometric Fingerprint Data and Person's particulars in your Android Phone. In my case I used a DigitalPersona type 4500 Fingerprint Scanner and used the Crossmatch API for Fingerprint Capture.
This is actually the easiest and feasible way for you if you want to succeed at Capturing Biometric Fingerprint Data and Save it in your Android Phone from more than one Individual. In fact what can limit you from enrolling more Biometric Data from various Enrollees will be the memory size constraints of your Android Mobile Phone / Device. This you can however easily circumvent by integrating your Android Biometric Authentication App with an external RDBMs Centralized Database of your Organisation like an MSSQL, Oracle, MySQL, PostgreSQL etc.
If it pleases you, you can choose to use the Source AFIS API to implement it with much ease. For motivation you can check out this project's web page here at [Android Biometric Authentication using External USB Fingerprint Scanner][2] that I developed [here][2].
See screenshots I have attached below for Fingerprint Authentication when the result is a MATCH FOUND and when the result is MATCH NOT FOUND. I have also included a screenshot for when FINGERPRINT ENROLLED.
I designed the User Interface ( GUI) that is reusable on Android Mobile Phone screens of various screen sizes for both Fingerprint Enrollment and Fingerprint Authentication. You can design your own interface anyway but in my case I wanted to be able to display the Person's Fingerprint during Authentication and I added an Activity for swapping Fingerprint Images on display after Finger Touch event is fired if Person places Finger on Fingerprint Scanner.
Happy coding.
[2]: https://jomutech.com/androidexternalfingerprintscanner/
Simple answer is NO.
But you can integrate it by Implementing Google's fingerprint recognition introduced in Android M which only supports 5 attempts at a time, if all the attempt fails your device finger print reader will be blocked for 30 seconds, then after that duration you can authenticate with the fingerprint again.
For example you are using an 2 app(A & B) with finger print support. Then you enter 3 incorrect fingerprints and then you close the app A, then you open the app B so there are total 5 attempts available within 30 seconds so your app can only authenticate 2 times because app A took 3 attempts hence after 2 unauthorized attempts the OS blocks the reader for all apps.
So wait for 30 seconds or ask the user to enter pin or passcode accordingly if the user doesn't wants to wait for that amount of time.
Hope this helps.
Related
From my last posted question below,
Not getting any idea about the workflow of managing an android device from another device using an pre installed android in both devices
I am here today with new problem. I used android management api to create enterprise, enrolling a device with device policies(Used the sample provided in here a link. But what I am trying to achieve I am not getting it. I want the app to be able to disable all normal apps and camera when parent app blocks them in childs device from its own device using android management api. But what I am getting is that upon upload of enrollment of the policy using enrollment token I see a separate work profile is being created in android device which is not my requirement in the app.
So if anyone out here can help me out in this one be very thankful.
TL DR:
To fully control a device you must enroll it in DEVICE OWNER mode.
I'll try to stick only to this question and address your other concerns answering the other.
You can enroll a device mainly in two modes WORK PROFILE and DEVICE OWNER, one is thought for enterprises that want to allow a BYOD model, the other for enterprises that provide company owned terminals and who wants exert full control on them.
From the docs: https://developers.google.com/android/management/provision-device
The work profile provisioning methods create a work profile on a device. A work profile is a self-contained space that separates work apps from personal apps (see employee-owned devices for more information). On devices with work profiles:
Android Device Policy is installed within the work profile.
devices.managementMode is set to PROFILE_OWNER.
Most policies and commands apply to the work profile only.
The fully managed and dedicated device provisioning methods provide enterprises with full management control over a device:
Android Device Policy is installed on the device's personal (primary) profile.
devices.managementMode is set to DEVICE_OWNER.
Policies and commands apply to the entire device.
Your idea probably needs DEVICE_OWNER mode but here there is the big problem, to enable them you must enroll a device that is factory reset!
So you need a much specific process to prepare a device before use, you cannot achieve a so strict control on a device just installing an app and control it from outside permissions or not. It's against the logic of a "personal device".
I am a beginner in android development.I want to create an application having Finger authentication.I want to register multiple users(50) finger prints using finger sensor of phone.Also i want to authenticate it when user logins.Can anyone help us?
FingeprintManager only has these 3 features:
authenticate : for authenticating user
hasEnrolledFingerprints : Determine if there is at least one fingerprint enrolled.
isHardwareDetected : Determine if fingerprint hardware is present and functional.
you can check FingerPrintManager docs here :
https://developer.android.com/reference/android/hardware/fingerprint/FingerprintManager.html
As per Nexus FAQs
Your fingerprint data is stored securely and never leaves your Pixel
or Nexus phone. Your fingerprint data isn't shared with Google or any
apps on your device. Apps are notified only whether your fingerprint
was verified.
which explains very well that you can use fingerprints for verification purpose only. Its just an alternative to any app lock available in marketplace.
I am a newbie in android development
I am developing an android app that allow people using fingerprint to check-in. The idea is, for instance, a class need student check-in on time everyday. Student have to register their fingertip to identify with application.
I don't know whether android support my application? I just saw that fingerprint identify using registered user's finger.
Could you please help me some idea?
Thank you so much.
Android supports detecting more than one fingerprint.
Eg:Coolpad note 3 detects 5 different fingerprints and we can assign different actions to each fingerprint.
i.e one for unlock screen,one for camera.
Detecting and authentication of different fingerprint is based on how you code your application.So go forward.
You can find here the code for the implentation of Fingerprint authentication in an app
remember one thing that,here you can login in your app only using the fingerprint that you have used for the device's screen lock.
Android authorizes or verifies a user if the fingerprint was previously registered through Android settings. Meaning, you can't add new fingerprints through your app.
The KeyStore save all the keys and use the Keystore private key to sign transactions / data. Meaning, you cannot differentiate users through your app.
I've tried to generate a key pair using the Google sample (BasicAndroidKeyStore). The only modification I made is setting the setUserAuthenticationRequired(true) in the KeyGenParameterSpec.Builder.
I assume it would work fine on a device with the embedded Fingerprint scanner, but running it on OnePlus One (working under Android 6.0), I get the following exception:
At least one fingerprint must be enrolled to create keys requiring user authentication for every use
The phone does have the lock screen set to use the pattern, but apparently it requires fingerprint for the authentication. Any idea how to use API 23 keystore without having the actual Fingerprint reader?
On modern Android devices, the fingerprint scanner is directly linked with the hardware security module.
As a result, there is now a meaningful way to provide isolated encryption that's protected - even on a rooted phone.
Check out these guidelines:
https://developer.android.com/training/articles/keystore#HardwareSecurityModule
An attacker would have to trick a user into swiping their fingerprint in order to unlock stuff... and that's only one decryption or signature per swipe.
This is "pretty good" security, but because of the API limitations and restrictions (notably the lack of ECDH!), most apps that claim to use Android's keychain system don't use the StrongBox. Even those that do won't warn the user when it's not available.
As a result, a jailbreak or zero day can compromise most app keys.
Please consider detecting enrollment, and warning your user that their data is more vulnerable on a device that does not have an enrolled hardware biometry device.
I have also faced same issue with moto devices.
As for now i have done this code. To check before using Fingerprint authentication.
public boolean isFingerprintAuthAvailable() {
//FingerprintManager mFingerprintManager;
return mFingerprintManager.isHardwareDetected()
&& mFingerprintManager.hasEnrolledFingerprints();
}
For more check this sample from which i have implemented. Hope will help you...
Can we use the FingerprintManager in Android M (API 22) to identify (along with authorize) the user?
For example, there are two finger prints registered in the device, one for user A and one for user B. Does the API provide support to detect which user, A or B, just logged in?
No. In fact, the Android Compatibility Definition for Android 6.0 states in the Fingerprint section (7.3.10):
MUST NOT enable 3rd-party applications to distinguish between individual fingerprints.
Therefore while you could write an app that uses the fingerprint as a mechanism to authenticate the user, any registered fingerprint associated with the current user account could be used.
Android Fingerprint method does not provide fingerprint name or Any unique identity. it treated each registered fingerprint equally and just authenticate only. (valid user or invalid user that's it)
Storage
The fingerprints are tied to the device (from the Nexus FAQ):
Your fingerprint data is stored securely and never leaves your device. Your data is not shared with Google or any apps on your device.
Therefore there is no way for an app to access the fingerprint data to be able to save it or use across the devices.
Suggestion :
To distinguish multiple users or devices, you should use external fingureprint scanner. There's some external fingerprint scanners compatible with Android Platform and with SDK for Android. These SDKs allow to enroll and verify multiple users.