Android Fingerprint API for App Developers
The following guest post was submitted by IndianAppDevelopers.com
Android fingerprint API launched with Android 6.0 will offer a bevy of useful features to integrate new authentication technology for app developers with the apps. To implement this API in your new Android app you need to get the Android SDK first. The SDK Manager then will allow you to download the SDK platform for Android 6.0 and introduce necessary steps. As part of the launching process, Android has also come up with new sample to demonstrate and guide the developers in integrating the API with the fingerprint readers in various devices.
Addressing security concerns
Beating the so-called security concerns over the use of fingerprint technology in mobile transaction Android has revealed how the new API offers protective measures for maintaining privacy. The new API as revealed will protect the critical app lock fingerprint features by keeping them in the secure device hardware.
Authentication and security measures with the new API
Android also expressed future plans to come with measures that can help to identify fingerprint of users just before allowing access to critical resources and data. These identification measures would help to protect against all malicious intrusions and tampered applications by ensuring cryptographic level security for all types of transactions and access to offline data and online interactions. This hardware-level protection of critical data offers full proof protection against all malicious actions and security threats making it safe for the users to use their fingerprints.
As soon as any user turns on the fingerprint reader in the device, the cryptographic vault in the device hardware containing the secure information gets unlocked. Now developers can choose from diverse information to be stored in that vault. Last month Google also regulated the minimum device level requirements that manufacturers must comply with to integrate fingerprint sensors in devices running on Android OS.
Use of symmetric and asymmetric Keys
Developers can use both symmetric and asymmetric keys as per their type of files and priority of protective measures.
Symmetric keys: These keys are more like passwords that help to encrypt local device data to regulate access to specific files and data. For protecting offline files and databases this provides a good security measure.
Asymmetric keys: This key comprises a pair of keys, respectively a private and a public key While the public can be stored on the remote server and can be accessed in times of need via the internet the private device stored key is used as the secondary verification in conjunction with the public key. Thus a signature or fingerprint stored in the device can be verified by the public key before allowing access. This makes security measures less prone to device-specific security vulnerabilities. Asymmetric keys can be used for authentication and sign in for network services and transaction channels. Asymmetric keys can also be used to encrypt device data to allow access after verifying with the public key in conjunction with the device stored the private key. In the present context of authenticating with Google fingerprint API, developers can utilize asymmetric key to the highest advantage as a security protocol.
As mobile payment is continuing to be popular the developers will find an array of ways to integrate new Android fingerprint API with mobile apps performing transactions and containing critical data.
Juned Ahmed is an IT consultant and blogger at IndianAppDevelopers.com; leading Android app development company, He enjoys writing on mobile technologies at various blog & magazines.