Here’s How Biometric Authentication Will Be Stronger on Android P

Google’s developers are going to make biometric authentication stronger on Android P, the next iteration of the company’s popular mobile operating system; and in a new post on the company’s blog, Security Engineer Vishwath Mohan explains how.

Essentially, Android’s managers are looking to move beyond FAR and FRR, the standard measures of an authentication mechanism’s performance. The False Acceptance Rate assesses how often an unauthorized user is authenticated and the False Reject Rate assesses how often an authorized user is not verified, but as Mohan explains, “neither metric accounts for an active attacker as part of the threat model”.

That’s where new metrics come in. The Spoof Accept Rate (“SAR”) is designed to assess how often a given system falls victim to deliberate attempts to use recordings of an authorized user to illegitimately gain access to a device, while the Impostor Accept Rate (“IAR”) assesses attempts to mimic an authorized user to gain access.

Most current fingerprint scanning systems have an SAR and IAR of about seven percent, so Android P is going to label any biometric authentication system with an SAR/IAR of seven percent or lower as strong, and anything above seven percent as weak. Weak biometrics will still be allowed for device unlocking, but they’ll have to be paired with a PIN, pattern, or strong biometric after four hours of inactivity, they can’t be used for payments, and they won’t be compatible with the BiometricPrompt API, a new framework allowing developers to easily implement a range of biometric modalities for user authentication.

The new security measures are a testament to the growing importance of biometric authentication in mobile security, and offer Google’s Android an opportunity to stand out as a particularly secure operating system, which could attract increasingly security-conscious users.

Android P is currently in beta testing, with the final version expected to launch in August.

Sources: Android Developers Blog, TechRadar

—

(Originally posted on Mobile ID World)

Related News

Sponsored Links

FaceTec’s patented, industry-leading 3D Face Authentication software anchors digital identity, creating a chain of trust from user onboarding to ongoing authentication on all modern smart devices and webcams. FaceTec’s 3D FaceMaps™ make trusted, remote identity verification finally possible. As the only technology backed by a persistent spoof bounty program and NIST/iBeta Certified Liveness Detection, FaceTec is the global standard for Liveness and 3D Face Matching with millions of users on six continents in financial services, border security, transportation, blockchain, e-voting, social networks, online dating and more. www.facetec.com

TECH5 is an international technology company founded by experts from the biometrics industry, which focuses on developing disruptive biometric and digital ID solutions through the application of AI and Machine Learning technologies.

TECH5 target markets include both Government and Private sectors with products powering Civil ID, Digital ID, as well as authentication solutions that deliver identity assurance for various use cases.

Learn more: www.tech5.ai

Mobile ID World is here to bring you the latest in mobile authentication solutions and application providers. Our company is dedicated to providing users with the best content and cutting edge information on technology, news, and mobile solutions for your mobile identity management needs.

Related News

Footer

Follow Us