Android P Raises Standards for Biometric Authentication

Posted on June 27, 2018 by

Android P Raises Standards for Biometric AuthenticationGoogle’s developers are going to make biometric authentication stronger on Android P, the next iteration of the company’s popular mobile operating system; and in a new post on the company’s blog, Security Engineer Vishwath Mohan explains how.

Essentially, Android’s managers are looking to move beyond FAR and FRR, the standard measures of an authentication mechanism’s performance. The False Acceptance Rate assesses how often an unauthorized user is authenticated and the False Reject Rate assesses how often an authorized user is not verified, but as Mohan explains, “neither metric accounts for an active attacker as part of the threat model”.

That’s where new metrics come in. The Spoof Accept Rate (“SAR”) is designed to assess how often a given system falls victim to deliberate attempts to use recordings of an authorized user to illegitimately gain access to a device, while the Impostor Accept Rate (“IAR”) assesses attempts to mimic an authorized user to gain access.

Most current fingerprint scanning systems have an SAR and IAR of about seven percent, so Android P is going to label any biometric authentication system with an SAR/IAR of seven percent or lower as strong, and anything above seven percent as weak. Weak biometrics will still be allowed for device unlocking, but they’ll have to be paired with a PIN, pattern, or strong biometric after four hours of inactivity, they can’t be used for payments, and they won’t be compatible with the BiometricPrompt API, a new framework allowing developers to easily implement a range of biometric modalities for user authentication.

The new security measures are a testament to the growing importance of biometric authentication in mobile security, and offer Google’s Android an opportunity to stand out as a particularly secure operating system, which could attract increasingly security-conscious users.

Android P is currently in beta testing, with the final version expected to launch in August.

Sources: Android Developers Blog, TechRadar

Tags: , , , , , , , , , , , , , , ,
Related Posts
US Senate Legislation Offers Opportunity to Adapt to IoT US Senate Legislation Offers Opportunity to Adapt to IoT
AI System Can Identify Ramen, Creator Isn’t Sure How AI System Can Identify Ramen, Creator Isn’t Sure How
HP Embraces Windows 10 Security Features HP Embraces Windows 10 Security Features
Apple Gets Ready to Take a Bite Out of mCommerce Apple Gets Ready to Take a Bite Out of mCommerce
Microsoft Enters mPayment Arena With Microsoft Wallet Microsoft Enters mPayment Arena With Microsoft Wallet
Precise Biometrics Announces Results of AGM Precise Biometrics Announces Results of AGM
Government Report Urges IRS to Consider FIDO Security for Taxpayers Government Report Urges IRS to Consider FIDO Security for Taxpayers
Nubia Incorporates Eye Vein Authentication in New Smartphone Nubia Incorporates Eye Vein Authentication in New Smartphone