Google’s Developers Promise Secure Biometric Authentication in Android P

In an announcement put out earlier today, Google’s developers said that they plan to improve some of the biometric authentication techniques that the Android mobile operating system uses as soon as Android P gets released. Security experts have noted that the Linux-based OS needs some improvements before it’s ready to offer users a good promise of privacy and security when using biometric options to unlock their devices.

Fingerprint scanning, face unlocking and other techniques are quickly becoming extremely popular among Android users. The company said today that they plan to define a specific model that will be used to measure biometric security options in the near future.

Android P is the next major release of the Android mobile operating system. It’s expected to be available for download later in the summer, and Google’s engineers stated that it will be the first version of the OS to ship with a new and improved authentication method.

Google apparently plans to create a single, unified platform for developers to integrate biometric authentication into the apps they make. Oreo-based Android 8.1 system software uses a set of four different machine learning-based methods for authentication. These are designed to reduce the risk of someone spoofing another user’s biometrics or working around the locks with a piece of malicious code.

Devices running Android P will force users to enter a password, PIN or gesture in order to unlock a device when it hasn’t been used for four hours and was previously unlocked with a weak biometric procedure. Android P users won’t be able to use these biometrics to approve payments or banking transactions.

Nevertheless, users will be able to bypass these restrictions if they’re already using some form of strong biometrics that couldn’t be easily defeated.

A new API called BiometricPrompt will get released to developers when Android P comes out, which will permit them to integrate system software-based biometric authentication methods right into their own apps. This should serve as an abstraction layer that will let programmers do this without having to worry about how Android P calculates whether an authentication attempt was good or bad.

Developers can already download a technical white paper that explains how they can incorporate calls to the BiometricPrompt API into the code of apps they might already be working on.
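As an added illustration (not code from Google's announcement or white paper), the sketch below shows how an app might use the BiometricPrompt API described above to gate a transaction signature on a Keystore key, so that a successful prompt is backed by a cryptographic operation rather than a bare callback. It assumes API level 28; the class name `BiometricSigner` and the key alias are hypothetical.

```java
import android.content.Context;
import android.hardware.biometrics.BiometricPrompt;
import android.os.CancellationSignal;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.io.IOException;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.util.function.Consumer;

public final class BiometricSigner {                       // hypothetical class name
    private static final String ALIAS = "example_txn_key"; // hypothetical key alias

    /** Creates a Keystore key that cannot be used until the user authenticates. */
    static void createKey() throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
        kpg.initialize(new KeyGenParameterSpec.Builder(ALIAS, KeyProperties.PURPOSE_SIGN)
                .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                .setDigests(KeyProperties.DIGEST_SHA256)
                .setUserAuthenticationRequired(true)        // each signing operation needs a fresh auth
                .setInvalidatedByBiometricEnrollment(true)  // a newly enrolled biometric invalidates the key
                .build());
        kpg.generateKeyPair();
    }

    /** Shows the system prompt; onSigned receives the signature, or null on any failure. */
    static void sign(Context ctx, byte[] payload, Consumer<byte[]> onSigned)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        Signature sig = Signature.getInstance("SHA256withECDSA");
        sig.initSign((PrivateKey) ks.getKey(ALIAS, null));  // throws if the key was invalidated
        BiometricPrompt prompt = new BiometricPrompt.Builder(ctx)
                .setTitle("Confirm transaction")
                .setNegativeButton("Cancel", ctx.getMainExecutor(), (d, w) -> onSigned.accept(null))
                .build();
        prompt.authenticate(new BiometricPrompt.CryptoObject(sig), new CancellationSignal(),
                ctx.getMainExecutor(), new BiometricPrompt.AuthenticationCallback() {
            @Override public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult r) {
                try {
                    Signature s = r.getCryptoObject().getSignature();
                    s.update(payload);
                    onSigned.accept(s.sign());              // Keystore signs only after the auth succeeded
                } catch (SignatureException e) { onSigned.accept(null); }
            }
            @Override public void onAuthenticationError(int code, CharSequence msg) {
                onSigned.accept(null);                      // lockout, cancellation, nothing enrolled
            }
        });
    }
}
```

A backend that verifies the signature against the public key registered at enrollment does not have to trust the app's own report that authentication succeeded.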

John Rendace