Android P Raises Standards for Biometric Authentication

Posted on June 27, 2018 by

Android P Raises Standards for Biometric AuthenticationGoogle’s developers are going to make biometric authentication stronger on Android P, the next iteration of the company’s popular mobile operating system; and in a new post on the company’s blog, Security Engineer Vishwath Mohan explains how.

Essentially, Android’s managers are looking to move beyond FAR and FRR, the standard measures of an authentication mechanism’s performance. The False Acceptance Rate assesses how often an unauthorized user is authenticated and the False Reject Rate assesses how often an authorized user is not verified, but as Mohan explains, “neither metric accounts for an active attacker as part of the threat model”.

That’s where new metrics come in. The Spoof Accept Rate (“SAR”) is designed to assess how often a given system falls victim to deliberate attempts to use recordings of an authorized user to illegitimately gain access to a device, while the Impostor Accept Rate (“IAR”) assesses attempts to mimic an authorized user to gain access.

Most current fingerprint scanning systems have an SAR and IAR of about seven percent, so Android P is going to label any biometric authentication system with an SAR/IAR of seven percent or lower as strong, and anything above seven percent as weak. Weak biometrics will still be allowed for device unlocking, but they’ll have to be paired with a PIN, pattern, or strong biometric after four hours of inactivity, they can’t be used for payments, and they won’t be compatible with the BiometricPrompt API, a new framework allowing developers to easily implement a range of biometric modalities for user authentication.

The new security measures are a testament to the growing importance of biometric authentication in mobile security, and offer Google’s Android an opportunity to stand out as a particularly secure operating system, which could attract increasingly security-conscious users.

Android P is currently in beta testing, with the final version expected to launch in August.

Sources: Android Developers Blog, TechRadar

Tags: , , , , , , , , , , , , , , ,
Related Posts
SensibleVision Announces 3DVerify, Anticipating Popularity of Depth Cameras SensibleVision Announces 3DVerify, Anticipating Popularity of Depth Cameras
Patent Application Details How iPhone’s Touch ID Could Unlock a Mac Patent Application Details How iPhone’s Touch ID Could Unlock a Mac
New Vivo Smartphones’ Sensors Use Precise Biometrics Algorithms New Vivo Smartphones’ Sensors Use Precise Biometrics Algorithms
ForgeRock Integrates ImageWare’s Multimodal Authentication Platform ForgeRock Integrates ImageWare’s Multimodal Authentication Platform
Atom Bank Climbs Fintech 100 Rankings Atom Bank Climbs Fintech 100 Rankings
Cloud Biometrics: ImageWare Systems Enters Testing Phase With T-Systems Cloud Biometrics: ImageWare Systems Enters Testing Phase With T-Systems
Samsung SDS Celebrates Win in ‘Oscars of IT’ Samsung SDS Celebrates Win in ‘Oscars of IT’
Precise Biometrics Enters Licensing Agreement With O-Film Precise Biometrics Enters Licensing Agreement With O-Film