Android P Raises Standards for Biometric Authentication

Posted on June 27, 2018 by

Android P Raises Standards for Biometric AuthenticationGoogle’s developers are going to make biometric authentication stronger on Android P, the next iteration of the company’s popular mobile operating system; and in a new post on the company’s blog, Security Engineer Vishwath Mohan explains how.

Essentially, Android’s managers are looking to move beyond FAR and FRR, the standard measures of an authentication mechanism’s performance. The False Acceptance Rate assesses how often an unauthorized user is authenticated and the False Reject Rate assesses how often an authorized user is not verified, but as Mohan explains, “neither metric accounts for an active attacker as part of the threat model”.

That’s where new metrics come in. The Spoof Accept Rate (“SAR”) is designed to assess how often a given system falls victim to deliberate attempts to use recordings of an authorized user to illegitimately gain access to a device, while the Impostor Accept Rate (“IAR”) assesses attempts to mimic an authorized user to gain access.

Most current fingerprint scanning systems have an SAR and IAR of about seven percent, so Android P is going to label any biometric authentication system with an SAR/IAR of seven percent or lower as strong, and anything above seven percent as weak. Weak biometrics will still be allowed for device unlocking, but they’ll have to be paired with a PIN, pattern, or strong biometric after four hours of inactivity, they can’t be used for payments, and they won’t be compatible with the BiometricPrompt API, a new framework allowing developers to easily implement a range of biometric modalities for user authentication.

The new security measures are a testament to the growing importance of biometric authentication in mobile security, and offer Google’s Android an opportunity to stand out as a particularly secure operating system, which could attract increasingly security-conscious users.

Android P is currently in beta testing, with the final version expected to launch in August.

Sources: Android Developers Blog, TechRadar

Tags: , , , , , , , , , , , , , , ,
Related Posts
Complex Forms of Fraud Thwarted by Behavioral Biometrics in New Case Studies Complex Forms of Fraud Thwarted by Behavioral Biometrics in New Case Studies
Vivo Xplay 5 Features FPC1035 Sensor Vivo Xplay 5 Features FPC1035 Sensor
New Report Helps Build Case for Mobile Biometric Security New Report Helps Build Case for Mobile Biometric Security
Pepsi Adds to Budget Smartphone Sensor Fizz Pepsi Adds to Budget Smartphone Sensor Fizz
Cloud2Drive Makes Debut with Amazon Web Services Cloud2Drive Makes Debut with Amazon Web Services
BioCatch Appoints New CEO BioCatch Appoints New CEO
IDEX and Chutian Dragon Team with POS Specialist on Biometric Card Transactions IDEX and Chutian Dragon Team with POS Specialist on Biometric Card Transactions
With 5G, IoT on Horizon, Ericsson Looks for New CEO With 5G, IoT on Horizon, Ericsson Looks for New CEO