'Unsafe' fingerprint and face scanners limited in Android

Google is taking action against the proliferation of relatively unsafe face and fingerprint scanners in Android. From version 8.1, every device that uses this technology and has not been used for four hours must still be unlocked with a PIN code. Google says so on its own Android blog.

Google uses its own list to decide which scanners are considered safe. If a fingerprint or facial scanner can be deceived in less than seven percent of cases with aids such as a silicone mold, a mask or even a photo, Google considers it safe. That seems quite high, but according to Google the threshold will be reduced in the future as the technologies improve and new versions of Android come on the market.

Security in the code

The reason for this is that a BiometricPrompt API (code) is being added to Android so that developers can use a device's authentication capabilities much more easily. That API can only be used on your phone if your scanner is on the ‘safe’ side.

On top of that comes an extra safety measure that is completely independent of how safe your scanners are: a PIN code has to be entered every 72 hours. Taken together, these measures make the security in Android a lot harder to circumvent, and apps that use the authentication can only do so if your device allows it. In this way, Google has left open the possibility of allowing weak security measures in hardware without running that risk in their apps.