Reputation: 11156
BiometricPrompt iris and face prompt is not working with Crypto object authentication. #AndroidX
Issue
- Biometric authentication iris and face-detection is not prompting with
biometricPrompt.authenticate(**crypto**, promptInfo)call.
Source reference:
- Securing data with BiometricPrompt (19 May 2019)
- One Biometric API Over all Android (30 October 2019)
- Biometrich API
Device used for testing:
- Samsung S8 (Android OS 9)
Steps of Authentication I'm following:
- val biometricPrompt = BiometricPrompt(...)
- val promptInfo = BiometricPrompt.PromptInfo.Builder()...
- biometricPrompt.authenticate(promptInfo) (PFA: option A, B)
and there is another authentication method which take cipher object to make sure
- biometricPrompt.authenticate(crypto, promptInfo). (PFA: option C)
Everything worked just as expected with new and older API device support. Until unless realize tested application for other biometric authentication option iris and using face detection.
If I follow
biometricPrompt.authenticate(promptInfo) then application simply display authentication option based on user preference which he has to choose from Device Setting -> Biometric preference. And perform authentication independently. (PFA: option A, B)
But if use
biometricPrompt.**authenticate**(crypto, promptInfo)then it displays only fingerprint authentication option ONLY. For other preference option iris and face-detection, it does not display anything onauthenticate(..)method call. (PFA: option C)
Question
- Why other Biometric authentication is not prompting with crypto object authentication.
Upvotes: 10
Views: 5754
Answers (2)
Reputation: 2688
Face-Id is considered as WEAK authenticator. If you set .setAllowedAuthenticators(BIOMETRIC_WEAK or DEVICE_CREDENTIAL) in BiometricPrompt Info and performs any Key based crypto operations. It will throw
java.lang.IllegalArgumentException: Crypto-based authentication is not supported for Class 2 (Weak) biometrics.
For crypto-based authentication only allowed authenticators are BIOMETRIC_STRONG or DEVICE_CREDENTIAL
Refer table here: https://source.android.com/docs/security/features/biometric
Upvotes: 1
Reputation: 984
Some devices only have one form factor, some have many form factors. Which form factor your app ends up using isn't really up to you; it's up to the OEM implementation. As explained in this blog post, whether a form factor is Strong or Weak doesn't depend on your code -- the OEM decides. However, you can request that a device uses Strong authentication for your app by specifying a CryptoObject when you call authenticate().
What you are experiencing is that the OEMs of your devices decided to make Fingerprint the default for Strong biometrics. Therefore, when you pass in a CryptoObject to authenticate() those devices show the user the UI for Fingerprint.
Upvotes: 2
Related Questions
- Android Biometric API Issue
- BiometricPromptCompat: Disable Iris/Face recognition (only allow fingerprints)
- Face Authentication using androidx Biometric API in Android
- BiometricPrompt FACE ID authentication is not working in some device
- How to use face authentication using Biometric api
- KeyGeneration using AndroidX.Biometric fails if only face as biometric is installed
- Android biometrics api isn't using face recognition to unlock
- java.lang.IllegalArgumentException: Device credential not supported with crypto
- BiometricPrompt Executor and/or callback was null
- The CryptoObject in BiometricPrompt.AuthenticationResult is always null