Advance authentication using fingerprint in your Android application

Overview

This blog is about implementing advance authentication using fingerprint in android app as Android Marshmallow and above version has introduced a set of API that makes easy to use touch sensor to develop an Android fingerprint app.

Why to use fingerprint authentication?

There are several benefits you will get by putting fingerprint authentication in your application

  • Quick and reliable way of authenticating user’s identity
  • Secure: Using Fingerprint authentication, online transactions become more convenient as Unique fingerprints assure that it’s unlocked just by you and impossible to guess.

Few steps to follow to enable fingerprint authentication in your app.

  • Verify that the device is running on Android 6.0 (M)(minSdkversion-23) or above
  • Verify that the device features a fingerprint sensor.
  • Verify that the lock screen is protected by PIN, password or pattern and at least one fingerprint is registered on the smartphone
  • Get access to Android keystore to store the key used to encrypt/decrypt an object
  • Generate an encryption key and the Cipher
  • Start the authentication process
  • Implement a callback class to handle authentication events

Updating Manifest

  • First of all, We need to add USE_FINGERPRINT permission in your AndroidManifest.xml file
  • App is going to require access to the device’s touch sensor in order to receive fingertip touch events:
  • By adding the following code to your application, you can make fingerprint authentication as necessary in your app then declare that your app requires a touch sensor.
  • Above code will let users install app on specific devices that fulfil this hardware requirement and prevent your app from being installed on devices that don’t include this piece of hardware.
  • However , it’s good practice to make touch sensor as preferred, but not required so that Google Play will then permit users to download your app even if their device doesn’t have a fingerprint sensor.
  • If you do opt for this approach, then your app will need to check for the presence of a touch sensor at runtime and then disable its fingerprint authentication features, where appropriate.

User Interface

activity_main.xml

It’s time to create fingerprint authentication part

Part 1: Check whether the device has the hardware, software and settings required to support fingerprint authentication

  • Verify Secure lock screen using keyguardManager and FingerPrintManager
  • Verify hardware requirement, Runtime permissions and software settings

If all the conditions are met then app is ready to start authentication process

Part 2: Create the key, cipher and CryptoObject that we’ll use to perform the actual authentication.

  • First of all, by generating keystore instance, gain access to keystore instance which allows you to store cryptographic keys which makes difficult to access device.
  • Generate app’s unique encryption key
  1. Obtain a reference to the Keystore using the standard Android keystore container identifier (“AndroidKeystore”)
  2. Generate key
  3. Initialize an empty keystore
  4. Initialize a keyGenerator
  5. Configure this key so that the user has to confirm their identity with a fingerprint each time they want to use it

Initialise cipher that will be used to create the encrypted FingerprintManager.

Assign the CryptoObject by creating cipher instance to the instantiated and various other checks before initiating the authentication process.

Part 3: Create Helper Class

  • Create helper class which extends FingerprintManager.AuthenticationCallback which will override 4 methods:
    1. onAuthenticationFailed() willl be called whenever fingerprint doesn’t match with anyone’s fingerprint registered on device.
    2. onAuthenticationError(int errMsgId, CharSequence errString) will be called when fatal error has occurred.
    3. onAuthenticationSucceeded(FingerprintManager.AuthenticationResult result) will be called when fingerprint has been successfully matched.
    4. onAuthenticationHelp(int helpMsgId, CharSequence helpString).
      This is one of the important methods which will be called when a non Fatal error has occurred which provides additional information about error.
  • Initialize CancellationSignal method whenever your app can no longer process user input. If you don’t use this method, then other apps will be unable to access the touch sensor, including the lockscreen!!!!!

MainActivity.java

Helper.java

How To Test your App In Android Emulator

  • To test the app, it is possible to use a real device that has a touch sensor. Anyway, it is possible to test the app in the emulator too.
  • To use this app in Android Emulator, you have to first configure the fingerprint accessing to the Security menu. When the system asks for fingerprint you have to use the adb command to emulate the finger touch:
  • Open your Mac’s Terminal (or Command Prompt if you’re a Windows user) then change directory (cd) so it’s pointing at your Android SDK download; specifically, the Android/sdk/platform-tools folder and fire this command.
  • On Windows, you may have to run telnet 127.0.0.1 followed by finger touch .

The image below shows the app in action:

mm

Pooja Shah Android Developer

I am Pooja Shah, enthusiastic android developer at Yudiz Solution Pvt Ltd- a mobile app development company .I am passionate about developing my abilities in new technology and I enjoy socializing.

Leave a Reply

Top