Android use fingerprint scanner as biometric device

prash32 picture prash32 · Jan 30, 2017 · Viewed 8.3k times · Source

We want to use the in-built fingerprint sensor to capture fingerprint. We don't want to validate it or run a fingerprint matching algorithm. We just want the fingerprint data which will be sent to the server for storage purposes(even here we don't have to validate it or run a fingerprint matching algorithm). The fingerprint will only be stored as a reference.

I know that we cannot get fingerprint data from the fingerprint sensor. We can only get it to validate the users when making payments. I also know that we cannot get accurate fingerprint from the touch screen and camera.

We do not want to use external fingerprint sensor hardware at the moment (it's the last resort).

My argument here is that we don't want to get the stored fingerprint data of the user. So, when the phone is an unlocked state, can we get the fingerprint data of any other user in the app.

Answer

Dmitrii Nechepurenko picture Dmitrii Nechepurenko · Jan 30, 2017

Android fingerprint authentication is designed specifically to make it impossible to do what you want. From android website:

Thus, raw images and processed fingerprint features must not be passed in untrusted memory. All such biometric data needs to be secured within sensor hardware or trusted memory. (Memory inside the TEE is considered as trusted memory; memory outside the TEE is considered untrusted.)

So the simpliest way - use external sensor.