Biometric security has made it easy to keep our phones secure, which means most of us actually are doing it. It's easy to argue that your fingerprint or iris or a map of your head aren't as secure as a strong password or are your identity and not a passcode, but in the end, more people securing their phones is better for everyone. It's easy to understand why your bank wants you to secure your phone, but remember that some of your personal details are probably on someone else's phone, too.
Biometrics make security easy, which means we'll actually use it.
We saw big changes to biometrics with Android 9. The introduction of the BiometricPrompt API tried to unify how different types of biometric authentication could function by providing a unified interface that worked with fingerprint scanners (both capacitive and ultrasonic), Iris scanning, and secure facial unlocking.
It was needed. Before the new APIs, developers had to use programming interfaces that weren't part of the operating system or build a workaround that used the standard fingerprint sensor APIs. Iris scanning depended on a Samsung SDK, Huawei's facial unlocking had its own programming interface, and so did HTC's. Android 10 made further changes so that everything — including the newly released Pixel 4 — could use a single way to authenticate without reinventing the wheel.
We saw how that worked. App developers were slow to adapt because of a couple of hurdles: the new programming interface still forced a direct query of the actual hardware and the system determined if it was "good enough" and not the people who actually wanted to include it in an app.
Enter Android 11. What seems like a simple change, the addition of defined authentication types, it's easier than ever for a developer to use any biometric hardware how they see fit.
Android now includes categories for weak, strong, and device credential biometric hardware. In Android 10 a developer could only use what Google defined as secure biometrics: fingerprint scanners, iris scanners, and true 3D facial recognition. That actually led to code being written to blacklist the most popular Android devices (Galaxy S8/Note 8, Galaxy S9/Note 9, Galaxy S10/Note 10) from using the BiometricPrompt API and forced the fallback to the old workarounds using the original fingerprint methods because of a bug. Having a shiny new way of doing things means little when most devices can't even use it.
Now when a developer wants to include biometric authentication, they can look to all methods — including those marked as "weak" — to see which fit their needs best. Maybe your bank wants to only allow authentication marked as strong (it probably does) so it can ignore things like Android's standard facial recognition or even force you to enter your unlock code or PIN after authenticating if they are extremely security-conscious (they probably don't, but maybe they should).
Weak biometrics are useful, too.
Alternatively, something like a secure photo browser can allow weaker authentication methods like regular photo-based facial unlocking or even in-between solutions that almost meet the "strong" criteria like HTC's depth-sensing facial unlock.
Once that's out of the way all an app needs to do is tell the BiometricPrompt API to show you a dialog and it's done. No more custom coding or third-party SDKs or doing everything by hand. And that's how it should be; when things become easy (or easier) for developers, we benefit.
See you on Android 11 very soon.
We may earn a commission for purchases using our links. Learn more.
iOS 14 widgets make Android's look like an absolute embarrassment
If you want your home screen to look good, you should want widgets that look great. Apple knows this, and it made sure that widgets on each of the
OnePlus Nord review: Setting a new standard for mid-range phones
The OnePlus Nord is aiming to be the best mid-range phone in 2020. With a 90Hz AMOLED display, Snapdragon 765G chipset, 48MP camera at the back, and clean software, it delivers the basics. Is OnePlus onto another winner here? Let's find out.
AC Podcast 492: TikTok/WeChat Ban; LG Wing; Pixel 5s; PS5
Daniel and Jerry are joined by Alex Dobie and Joe Maring to make sense of the impending (at the time of recording) TikTok and WeChat bans in the U.S. The crew also preview the LG Wing and discuss Apple's recent Watch and iPad announcements in comparison to Android-compatible watches and the Galaxy Tab S7. Alex also reports on the rumored Pixel 5s. Plus, the next-gen consoles are coming...
People into rooting and modding should check out these Android phones
If you're looking ahead and know you'll want to change something on your next phone that requires custom software or root access, these phones are the best options.