Google is one of the world’s biggest companies and it’s involved in everything tech related starting with software and ending with smartphones. However, the things that Google is mostly known for are the famous search engine and mobile Android operating system. Nearly all smartphones are running on Google’s Android operating system and there’s a good reason behind that.
Take for example Google’s latest Android 8.1 Oreo which ships with a plethora of features and complex security measures that guarantee users will never have to worry about their data being stolen. However, Google is currently working on a new operating system known as Android P and recent news are showing that it will feature a new BiometricPrompt API.
Even though the official release date for Android P is still unknown, the public version of the operating system is already live. This is how we know that Google installed a new BiometricPrompt API which requires a 7 percent combined spoof accept rate which is simply known as SAR and IAR (imposter accept rate).
The reason why the new BiometricPrompt API requires SAR and IAR is to be able to differentiate between smartphones which feature strong or weak biometrics. Therefore, Android P will not support weak biometrics.
The folks from the official Android Developers website are saying that a smartphone with a weak biometric will need to display warning risks. Not just that, but these smartphones will not be allowed to authenticate payments and other types of transactions which require a KeyStore auth-bound-key.
Google Enforces Strong Biometrics
From the looks of it, Google is asking Android fans to purchase smartphones which feature strong Biometrics. The reason why Google is doing this is quite simple, the Android parent wants to make sure that no hacker or malware is able to crack its operating system.
However, not everyone is able to afford a premium smartphone and Google knows that too well. Therefore, Android P will remain unlocked for 4 hours on a smartphone with weak Biometrics and then it will force users to select a different unlocking method such as a password, PIN or screen pattern.
“Biometrics have the potential to both simplify and strengthen how we authenticate our digital identity, but only if they are designed securely, measured accurately. We want Android to get it right across all three. So we’re combining secure design principles, a more attacker-aware measurement methodology, and a common, easy to use biometrics API that allows developers to integrate authentication in a simple, consistent, and safe manner.” Said Android Security Engineer Vishwath Mohan.