App developers are always striving to make mobile applications more user-friendly and easier to use. They are in constant search of improvements, and new technologies, such as biometric authentication, to open doors to a better user experience.
And, we have to say, people gladly accept such improvements. According to statistics, 75% of Americans have already used some kind of biometric technology, and businesses recognize the value of it in terms of security as well.
What does it take to integrate this technology into your app?
Let’s take a look.
What is Biometric Authentication?
Before we jump into the implementation process, let’s clear up the definition first.
Biometric authentication is the security check that involves the biometric identification of a person to verify their identity. This identification can be physical or behavioral. More often than not, apps use a fingerprint scan or facial recognition, the market for which, by the way, will reach $12.9 billion by 2027:
Credit: Statista
Now, let’s see what you need to do to add biometric authentication to your app.
1. Prepare Your App’s Code for Editing
Before changing your app’s code, you need to prepare everything for it, and the first step is to get everything set for editing.
Most developers use open-source solutions, among which NativeScript is probably the best option, as it works for both Android and iOS apps. It also has a variety of other benefits:
- Works with most languages (JavaScript, HTML, CSS, etc.)
- Allows abstracted UI, which accelerates development
- Code reuse is available - you can share it between native and mobile apps
Most importantly, it allows you to add the API for biometric authentication in a matter of seconds.
2. Choose Biometric Authentication Type (consider your audience)
Biometric authentication is available in five main types:
- Fingerprint scanning
- Voice recognition
- Iris recognition
- Facial recognition
- Handwriting recognition
As we mentioned, app developers mostly use fingerprints and facial recognition for mobile applications. Both types have pros and cons.
When it comes to fingerprint scanning, most people are already familiar with this technology and won’t have a tough time figuring it out. Also, implementing it cancels the necessity for complex passwords. On the other hand, if a person’s finger used for the scan was damaged, the authentication might fail, restricting a user from entering the app.
Speaking about facial recognition, it is also effective in speeding up the login process. However, a slight change in lighting can distort a person’s face making it unfamiliar to the scanner.
So, how to choose the right biometric authentication type?
Always think about your audience. If you’re implementing this technology in an app for French learners, a fingerprint scan will be enough. However, if the application includes high-priority personal data that needs an extra layer of protection, consider facial or even voice recognition.
3. Check Biometric Accessibility
You can’t assume that every app user will have a device with biometric accessibility or that it will be turned on, so you need to add a code snippet that would confirm or deny that the device can use biometric authentication.
Let’s see how it should be done for Android. First, you will need to enter the following dependency line in the build.gradle file of your app module:
implementation 'androidx.biometric:biometric:1.1.0'
|
Next, to see if biometric authentication is ready to use on a device, you need to add this snippet:
BiometricManager.from(context).canAuthenticate(int) == BiometricManager.BIOMETRIC_SUCCESS
|
Android Developers website also suggests the following code to check biometric accessibility (for Java):
BiometricManager biometricManager = BiometricManager.from(this); switch (biometricManager.canAuthenticate(BIOMETRIC_STRONG | DEVICE_CREDENTIAL)) { case BiometricManager.BIOMETRIC_SUCCESS: Log.d("MY_APP_TAG", "App can authenticate using biometrics."); break; case BiometricManager.BIOMETRIC_ERROR_NO_HARDWARE: Log.e("MY_APP_TAG", "No biometric features available on this device."); break; case BiometricManager.BIOMETRIC_ERROR_HW_UNAVAILABLE: Log.e("MY_APP_TAG", "Biometric features are currently unavailable."); break; case BiometricManager.BIOMETRIC_ERROR_NONE_ENROLLED: // Prompts the user to create credentials that your app accepts. final Intent enrollIntent = new Intent(Settings.ACTION_BIOMETRIC_ENROLL); enrollIntent.putExtra(Settings.EXTRA_BIOMETRIC_AUTHENTICATORS_ALLOWED, BIOMETRIC_STRONG | DEVICE_CREDENTIAL); startActivityForResult(enrollIntent, REQUEST_CODE); break; } |
If we’re speaking about Android, typically, Android 6 (Marshmallow), 7 (Nougat), 8 (Oreo), and 9 (Pie) only allow fingerprint scanning. Android 10 and above also enable facial and iris recognition.
4. Integrate Biometric Authentication
Now, it’s time to create a biometric authentication login prompt for your app, which would be the next-to-last step in the entire process.
If you’re working with Android, first, you will need to add the dependency on the androidx.biometric library in your app’s build.gradle file. After that, in the code fragment that includes the login dialog, create a prompt by following the logic in this code snippet (for Java):
private Executor executor; private BiometricPrompt biometricPrompt; private BiometricPrompt.PromptInfo promptInfo; @Override protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.activity_login); executor = ContextCompat.getMainExecutor(this); biometricPrompt = new BiometricPrompt(MainActivity.this, executor, new BiometricPrompt.AuthenticationCallback() { @Override public void onAuthenticationError(int errorCode, @NonNull CharSequence errString) { super.onAuthenticationError(errorCode, errString); Toast.makeText(getApplicationContext(), "Authentication error: " + errString, Toast.LENGTH_SHORT) .show(); } @Override public void onAuthenticationSucceeded( @NonNull BiometricPrompt.AuthenticationResult result) { super.onAuthenticationSucceeded(result); Toast.makeText(getApplicationContext(), "Authentication succeeded!", Toast.LENGTH_SHORT).show(); } @Override public void onAuthenticationFailed() { super.onAuthenticationFailed(); Toast.makeText(getApplicationContext(), "Authentication failed", Toast.LENGTH_SHORT) .show(); } }); promptInfo = new BiometricPrompt.PromptInfo.Builder() .setTitle("Biometric login for my app") .setSubtitle("Log in using your biometric credential") .setNegativeButtonText("Use account password") .build(); // Prompt appears when user clicks "Log in". // Consider integrating with the keystore to unlock cryptographic operations, // if needed by your app. Button biometricLoginButton = findViewById(R.id.biometric_login); biometricLoginButton.setOnClickListener(view -> { biometricPrompt.authenticate(promptInfo); }); } |
After that, the one thing left to do is test your code. You might also want to consider adding an option for the standard login and register process in case biometric authentication doesn’t work for some reason.
Over to You
Adding biometric authentication is not a very time-consuming process, given that you know which type you want to implement. After that, all you need is to follow a specific logic when writing the code, as we’ve shown you in our example above.
Interested in more articles like this? Make sure to check out our blog!
Ryan is a passionate blogger and writer who likes sharing his thoughts and he now works as a content editor and internet researcher. You can check his website https://preply.com/. He likes to travel and explore new countries.
Author
Latest Articles
Blog2022.09.29Wireshark | Log Files: Attacks & Defenses [FREE COURSE CONTENT]
Blog2022.09.15Kernel Self-Protection and Its Methods | Linux Kernel Security [FREE COURSE CONTENT]
Blog2022.09.14Android Incident Response | Android Mobile Forensics [FREE COURSE CONTENT]
Blog2022.09.13Forensically Sound Imaging | Digital Forensic Imaging - Tools & Methods [FREE COURSE CONTENT]
New Edition
