Fingerprint scanning

Using a fingerprint to unlock a phone or authenticate transactions in mobile applications is becoming more popular. It is faster than entering a password, PIN or pattern, and it still provides a similar level of security. Nowadays it is hard to imagine any new device released without a fingerprint scanner, but let’s go back in time.

The first Android device with a fingerprint sensor was the Motorola Atrix released in 2011. However, developers had to wait until October 2015 in order to use this feature in their applications because the official API was introduced in Android 6.0 — FingerprintManager. Now in Android 9.0 it is deprecated and Google encourages us to use a new API — BiometricPrompt.

Let’s compare those components and see what’s changed.

FingerprintManager in action

FingerprintManager is a simple service. It is responsible for coordinating access to the fingerprint scanner hardware. In order to use it we need to:

Add permission to AndroidManifest.xml:

<uses-permission android:name="android.permission.USE_FINGERPRINT"/>

The permission has the protection level “normal”, so it is granted during app installation and does not need to be requested at runtime.

Obtain the service instance from Context:

val fm = context.getSystemService(FingerprintManager::class.java)

FingerprintManager provides a simple API with just three public methods:

isHardwareDetected() — check if a device has a fingerprint scanner

hasEnrolledFingerprints() — check if a user has added at least one fingerprint

authenticate(crypto, cancel, flags, callback, handler) — start listening for the fingerprint authentication events

authenticate(...) method parameters description:

crypto — can be null; if the fingerprint is used for decryption, this object should contain a proper cipher

cancel — this object can be used to stop listening for authentication events

flags — optional flags, should be 0

callback — this object will receive authentication events

handler — can be null, optional handler to handle authentication events
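The crypto parameter is what ties a successful scan to a key: with null, the app only learns about success through a callback, while with a CryptoObject the Keystore key behind the cipher becomes usable only after the scan. The sketch below is an added example, not code from the original article or the Google sample; the alias KEY_ALIAS and the functions createAuthBoundKey and startFingerprintAuth are names assumed for illustration.

```kotlin
import android.content.Context
import android.hardware.fingerprint.FingerprintManager
import android.os.CancellationSignal
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey

private const val KEY_ALIAS = "example_fingerprint_key" // hypothetical alias for this example

// Generate an AES key inside the Android Keystore that needs user authentication for every use.
fun createAuthBoundKey() {
    val spec = KeyGenParameterSpec.Builder(
        KEY_ALIAS, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setUserAuthenticationRequired(true)
        .build()
    KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore")
        .apply { init(spec) }.generateKey()
}

// Returns the CancellationSignal for the scan, or null when no scan could be started.
fun startFingerprintAuth(
    context: Context, onUnlocked: (Cipher) -> Unit, onError: (CharSequence) -> Unit
): CancellationSignal? {
    val fm = context.getSystemService(FingerprintManager::class.java) ?: return null
    if (!fm.isHardwareDetected || !fm.hasEnrolledFingerprints()) return null

    val key = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
        .getKey(KEY_ALIAS, null) as? SecretKey ?: return null
    // init() throws KeyPermanentlyInvalidatedException once the key is invalidated (e.g. a new fingerprint was enrolled).
    val cipher = Cipher.getInstance("AES/GCM/NoPadding").apply { init(Cipher.ENCRYPT_MODE, key) }

    val cancel = CancellationSignal()
    val callback = object : FingerprintManager.AuthenticationCallback() {
        override fun onAuthenticationSucceeded(result: FingerprintManager.AuthenticationResult) {
            // Only this cipher instance is authorized; use it rather than trusting the callback alone.
            result.cryptoObject?.cipher?.let(onUnlocked)
        }
        // Terminal error (lockout, cancel, hardware unavailable): the scan has stopped.
        override fun onAuthenticationError(errorCode: Int, errString: CharSequence) = onError(errString)
        // onAuthenticationFailed() (finger not recognized) is not terminal; the sensor keeps listening.
    }
    fm.authenticate(FingerprintManager.CryptoObject(cipher), cancel, 0, callback, null)
    return cancel
}
```

Call cancel() on the returned signal when the screen goes to the background, so the sensor is released for other apps.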

What is missing in FingerprintManager is the UI part — the app needs to build and manage its own UI in order to inform a user that they need to scan their fingerprint. Google has provided some guidelines on how the UI should look and they’ve even prepared a sample implementation. If you still want to use this feature in your app you need to:

Design UI, prepare icons, implement fingerprint dialog, manage its state, add custom error handling, add some animations

Find a third-party library that will do it for you

Copy and paste the code from the Google sample

None of these solutions are perfect for implementing strictly specified and repeatable functionality such as fingerprint scanning.