
How to Add Fingerprint Authentication in Android


In this tutorial, we’ll learn how to add fingerprint authentication to an Android app.

With the FingerprintManager API, Google has created a native approach for fingerprint authentication across all Android devices. Developers can now authenticate their users on an app-by-app basis for everything from mobile purchases to app sign-in screens and more with just the tap of a finger. There are only three requirements for a user to be eligible.

  1. The user’s device must have a fingerprint reader
  2. The user’s device must be running Android 6.0 Marshmallow (API 23) or greater
  3. The user must have registered fingerprints on the device (more on this later)


API Overview

The FingerprintManager class coordinates all access to the fingerprint hardware. Using FingerprintManager, we can check for device support, attempt authentication, and handle any successful or failed authentication attempts appropriately. The first thing we’ll need when implementing fingerprint authentication is an instance of FingerprintManager. This is a system-level service, so we need to call Context’s getSystemService(String) method, passing in the Context.FINGERPRINT_SERVICE constant.

Getting started with Android Fingerprint Authentication

Permissions

Before starting, the app must request permission to use the touch sensor and fingerprint authentication. So in the Manifest.xml, add the permission below.

Checking For Support

  • Verify that the device has supported fingerprint hardware
  • Verify that at least one fingerprint is registered on the smartphone

Note: One can also verify whether the device lock screen is secured, in other words, whether it is protected by a PIN, password or pattern.
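
The checks above can be combined into one gate that runs before fingerprint login is offered. This is an added example, not code from the original tutorial; the class name FingerprintSupport and its Status enum are hypothetical.

```java
import android.Manifest;
import android.app.KeyguardManager;
import android.content.Context;
import android.content.pm.PackageManager;
import android.hardware.fingerprint.FingerprintManager;
import android.os.Build;

/** Added example (hypothetical helper): decides whether fingerprint login can be offered. */
public final class FingerprintSupport {

    public enum Status {
        OK, API_TOO_OLD, NO_PERMISSION, NO_HARDWARE, NO_FINGERPRINTS, INSECURE_LOCK_SCREEN
    }

    private FingerprintSupport() {}

    public static Status check(Context context) {
        // FingerprintManager exists from API 23; it was deprecated in API 28
        // in favour of BiometricPrompt. This example follows the page's API.
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.M) {
            return Status.API_TOO_OLD;
        }
        // Needs <uses-permission android:name="android.permission.USE_FINGERPRINT"/>
        // in the manifest.
        if (context.checkSelfPermission(Manifest.permission.USE_FINGERPRINT)
                != PackageManager.PERMISSION_GRANTED) {
            return Status.NO_PERMISSION;
        }
        FingerprintManager fm =
                (FingerprintManager) context.getSystemService(Context.FINGERPRINT_SERVICE);
        // The service may be null on devices without a fingerprint sensor.
        if (fm == null || !fm.isHardwareDetected()) {
            return Status.NO_HARDWARE;
        }
        if (!fm.hasEnrolledFingerprints()) {
            return Status.NO_FINGERPRINTS;
        }
        KeyguardManager km =
                (KeyguardManager) context.getSystemService(Context.KEYGUARD_SERVICE);
        // Keys that require user authentication need a secure lock screen.
        if (km == null || !km.isKeyguardSecure()) {
            return Status.INSECURE_LOCK_SCREEN;
        }
        return Status.OK;
    }
}
```

Any status other than OK should route the user to the app's regular sign-in rather than silently skipping authentication.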

Authenticating

Generating the Key

The fingerprint authentication process involves the generation of an encryption key which is then stored securely on the device using the Android Keystore system. Before the key can be generated and stored, the app must first gain access to the Keystore.

A reference to the Keystore is obtained by calling the getInstance method of the KeyStore class and passing through the identifier of the standard Android keystore container (“AndroidKeyStore”). The keystore container is loaded and the KeyGenerator initialized. This initialization process makes use of the KeyGenParameterSpec.Builder class to specify the type of key being generated. This includes referencing the key name, configuring the key such that it can be used for both encryption and decryption, and setting various encryption parameters. The setUserAuthenticationRequired method call configures the key such that the user is required to authorize every use of the key with a fingerprint authentication. Once the KeyGenerator has been configured, it is then used to generate the key via a call to the generateKey method of the instance.

Initialising the Cipher

CryptoObject was also introduced in Android 6.0 to support FingerprintManager. It is a wrapper class for the crypto objects supported by FingerprintManager. These currently include Signature, Cipher, and Mac. Cipher configuration involves obtaining a Cipher instance and initializing it with the key stored in the Keystore container.

The getInstance method of the Cipher class is called to obtain a Cipher instance which is subsequently configured with the properties required for fingerprint authentication. The previously generated key is then extracted from the Keystore container and used to initialize the Cipher instance. Errors are handled accordingly and a true or false result returned based on the success or otherwise of the cipher initialization process.
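
The key generation and cipher initialization steps described in the two sections above, as an added example that is not the tutorial's own source. The class name, the key alias and the choice of AES/CBC/PKCS7 are assumptions, and initCipher returns the Cipher (or null) instead of the true/false result the text mentions.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.KeyProperties;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public final class FingerprintCrypto {
    private static final String KEY_NAME = "example_fingerprint_key"; // hypothetical alias
    private static final String TRANSFORMATION = KeyProperties.KEY_ALGORITHM_AES + "/"
            + KeyProperties.BLOCK_MODE_CBC + "/" + KeyProperties.ENCRYPTION_PADDING_PKCS7;

    /** Creates (or replaces) an AES key that stays locked until a fingerprint is presented. */
    public static void generateKey() throws GeneralSecurityException {
        KeyGenerator generator = KeyGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
        generator.init(new KeyGenParameterSpec.Builder(KEY_NAME,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
                .setUserAuthenticationRequired(true) // every use needs a fingerprint
                .build());
        generator.generateKey();
    }

    /** Returns a Cipher to wrap in a CryptoObject, or null if the old key was invalidated. */
    public static Cipher initCipher() throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        if (!keyStore.containsAlias(KEY_NAME)) {
            generateKey();
        }
        SecretKey key = (SecretKey) keyStore.getKey(KEY_NAME, null);
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        try {
            cipher.init(Cipher.ENCRYPT_MODE, key);
            return cipher;
        } catch (KeyPermanentlyInvalidatedException e) {
            // Enrolled fingerprints or the lock screen changed since the key was made.
            // Replace the key and make the caller fall back to password sign-in.
            keyStore.deleteEntry(KEY_NAME);
            generateKey();
            return null;
        }
    }
}
```

A null result means the set of enrolled fingerprints is no longer the one the user approved, so the app should require its primary credential before enabling fingerprint login again.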

AuthenticationCallback

This is the listener for fingerprint events. It provides four methods:

onAuthenticationError(int, CharSequence)
Called when a fatal error has occurred. This method provides the error code and error message as its parameters. You should implement this method to notify the user an error has occurred.

onAuthenticationFailed()
Called when a user attempts authentication but the fingerprint is not recognized. You should always notify the user that their authentication attempt failed.

onAuthenticationHelp(int, CharSequence)
Called when a non-fatal error has occurred. This method provides the error code and a help message you can display to the user.

onAuthenticationSucceeded(AuthenticationResult)
Called when a user’s fingerprint is successfully recognized. The AuthenticationResult parameter includes the CryptoObject associated with the transaction.
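
An added example (not from the original tutorial) of a callback implementing all four methods. On success it uses the Cipher from the CryptoObject, so the result depends on the Keystore key actually being unlocked and not only on the callback having fired. The class name, the Listener interface and the secret field are hypothetical.

```java
import android.hardware.fingerprint.FingerprintManager;
import android.os.CancellationSignal;
import java.security.GeneralSecurityException;
import javax.crypto.Cipher;

public class FingerprintHandler extends FingerprintManager.AuthenticationCallback {

    /** Hypothetical interface implemented by the UI layer. */
    public interface Listener {
        void onUnlocked(byte[] ciphertext, byte[] iv);
        void onMessage(CharSequence message, boolean fatal);
    }

    private final Listener listener;
    private final byte[] secret; // data to protect, for example a session token
    private CancellationSignal cancellationSignal;

    public FingerprintHandler(Listener listener, byte[] secret) {
        this.listener = listener;
        this.secret = secret;
    }

    /** Starts listening; the cipher must be initialised with the Keystore key. */
    public void start(FingerprintManager manager, Cipher cipher) {
        cancellationSignal = new CancellationSignal();
        manager.authenticate(new FingerprintManager.CryptoObject(cipher),
                cancellationSignal, 0, this, null);
    }

    /** Call from onPause() so the sensor is released. */
    public void stop() {
        if (cancellationSignal != null) cancellationSignal.cancel();
    }

    @Override public void onAuthenticationError(int errorCode, CharSequence errString) {
        listener.onMessage(errString, true);
    }
    @Override public void onAuthenticationHelp(int helpCode, CharSequence helpString) {
        listener.onMessage(helpString, false);
    }
    @Override public void onAuthenticationFailed() {
        listener.onMessage("Fingerprint not recognized", false);
    }
    @Override public void onAuthenticationSucceeded(FingerprintManager.AuthenticationResult result) {
        try {
            // doFinal only works if the fingerprint really unlocked the key.
            Cipher unlocked = result.getCryptoObject().getCipher();
            listener.onUnlocked(unlocked.doFinal(secret), unlocked.getIV());
        } catch (GeneralSecurityException e) {
            listener.onMessage("Key could not be used", true);
        }
    }
}
```

The IV returned with the ciphertext has to be stored alongside it, because decryption later needs the same IV.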

 

How to test the app in Android emulator

To support the new APIs, ADB can emulate fingerprint touch events.

  • Install Android SDK Tools Revision 24 or above, if you have not done so.
  • Enroll a new fingerprint in the emulator by going to Settings ⇒ Security ⇒ Fingerprint, then follow the enrollment instructions.
  • Use an emulator to emulate fingerprint touch events with the following command. Use the same command to emulate fingerprint touch events on the lockscreen or in your app.
  • Or from the emulator UI, we can achieve the same.

Complete source code is available here.

Conclusion

I hope you will like the article and it will definitely help you to make your apps more productive. In case of any confusion or query, feel free to ask. And if you found this tutorial to be useful, share it with others.


About Durga Chiranjeevi

I’m a normal guy, engineer by education who is passionate about Programming and Internet. An Android enthusiast, now moving for cross platforms and game development.