Android P Raises Standards for Biometric Authentication

Posted on June 27, 2018 by

Android P Raises Standards for Biometric AuthenticationGoogle’s developers are going to make biometric authentication stronger on Android P, the next iteration of the company’s popular mobile operating system; and in a new post on the company’s blog, Security Engineer Vishwath Mohan explains how.

Essentially, Android’s managers are looking to move beyond FAR and FRR, the standard measures of an authentication mechanism’s performance. The False Acceptance Rate assesses how often an unauthorized user is authenticated and the False Reject Rate assesses how often an authorized user is not verified, but as Mohan explains, “neither metric accounts for an active attacker as part of the threat model”.

That’s where new metrics come in. The Spoof Accept Rate (“SAR”) is designed to assess how often a given system falls victim to deliberate attempts to use recordings of an authorized user to illegitimately gain access to a device, while the Impostor Accept Rate (“IAR”) assesses attempts to mimic an authorized user to gain access.

Most current fingerprint scanning systems have an SAR and IAR of about seven percent, so Android P is going to label any biometric authentication system with an SAR/IAR of seven percent or lower as strong, and anything above seven percent as weak. Weak biometrics will still be allowed for device unlocking, but they’ll have to be paired with a PIN, pattern, or strong biometric after four hours of inactivity, they can’t be used for payments, and they won’t be compatible with the BiometricPrompt API, a new framework allowing developers to easily implement a range of biometric modalities for user authentication.

The new security measures are a testament to the growing importance of biometric authentication in mobile security, and offer Google’s Android an opportunity to stand out as a particularly secure operating system, which could attract increasingly security-conscious users.

Android P is currently in beta testing, with the final version expected to launch in August.

Sources: Android Developers Blog, TechRadar

Tags: , , , , , , , , , , , , , , ,
Related Posts
LG Innotek to Deliver 3D Face Scanner for iPhone 8: Report LG Innotek to Deliver 3D Face Scanner for iPhone 8: Report
Crossmatch Announces Accordant Technology as Latest DigitalPersona Distribution Partner Crossmatch Announces Accordant Technology as Latest DigitalPersona Distribution Partner
Alipay VP: mCommerce Passwords Dead in Three Years Alipay VP: mCommerce Passwords Dead in Three Years
AI-Powered Automation Will Transform Financial Services: Nuance AI-Powered Automation Will Transform Financial Services: Nuance
OT, Sierra Wireless to Showcase LPWA M2M Solutions at MWC OT, Sierra Wireless to Showcase LPWA M2M Solutions at MWC
Lockheed Martin Bolsters Its Cyber Security Alliance, Adds FireEye, Red Hat and Splunk As Members Lockheed Martin Bolsters Its Cyber Security Alliance, Adds FireEye, Red Hat and Splunk As Members
Nuggets Announces Another New Strategic Advisor Nuggets Announces Another New Strategic Advisor
Verizon Promotes Android Pay with Free Data Verizon Promotes Android Pay with Free Data