Here are the requirements for fingerprint sensors in Marshmallow

  • Thread starter Thread starter Brent D'Alessandro
  • Start date Start date
B

Brent D'Alessandro

Guest
The new Nexus phones are out and everyone seems to be really liking the fingerprint readers in them. However, fingerprint sensors will soon be coming to many other Android phones, but will people find them just as nice to use?

Luckily for other manufactures, Google has laid out all new fingerprint sensor rules for them to make sure everything works correctly with Marshmallow. All they have to do is read Google’s Marshmallow Compatibility Definition Document (CDD). Google does not force manufactures to use fingerprint sensors on their new devices, but they do strongly encourage it.


7.3.10. Fingerprint Sensor
Device implementations with a secure lock screen SHOULD include a fingerprint sensor. If a device implementation includes a fingerprint sensor and has a corresponding API for third-party developers, it:

  • MUST declare support for the android.hardware.fingerprint feature.

  • MUST fully implement the corresponding API as described in the Android SDK documentation [Resources, 95].

  • MUST have a false acceptance rate not higher than 0.002%.

  • Is STRONGLY RECOMMENDED to have a false rejection rate not higher than 10%, and a latency from when the fingerprint sensor is touched until the screen is unlocked below 1 second, for 1 enrolled finger.

  • MUST rate limit attempts for at least 30 seconds after 5 false trials for fingerprint verification.

  • MUST have a hardware-backed keystore implementation, and perform the fingerprint matching in a Trusted Execution Environment (TEE) or on a chip with a secure channel to the TEE.

  • MUST have all identifiable fingerprint data encrypted and cryptographically authenticated such that they cannot be acquired, read or altered outside of the Trusted Execution Environment (TEE) as documented in the implementation guidelines on the Android Open Source Project site [Resources, 96].

  • MUST prevent adding a fingerprint without first establishing a chain of trust by having the user confirm existing or add a new device credential (PIN/pattern/password) using the TEE as implemented in the Android Open Source project.

  • MUST NOT enable 3rd-party applications to distinguish between individual fingerprints.

  • MUST honor the DevicePolicyManager.KEYGUARD_DISABLE_FINGERPRINT flag.

  • MUST, when upgraded from a version earlier than Android 6.0, have the fingerprint data securely migrated to meet the above requirements or removed.

  • SHOULD use the Android Fingerprint icon provided in the Android Open Source Project.

Of course, the most important part is everything stays secure. There are hardware and software that must be used in order to use Google’s fingerprint sensor system. This also includes older versions of Android that move to Android 6.0 Marshmallow updating their fingerprint data or it will be wiped from the device. Possibly meaning current devices with fingerprint sensors might ask you to set it up again after the update.

Source: Android 6.0 Compatibility Definition Document (PDF)
Via: Android Police


Come comment on this article: Here are the requirements for fingerprint sensors in Marshmallow

0f6d44bcf7eeb1601ab4acc4e188bfb9._.gif


News via TalkAndroid
 

Similar threads

Z
Qualcomm’s new fingerprint sensors work through displays, water, and even metal
Replies
0
Views
13
Zach Epstein
Z
J
Google breaks fingerprint sensor for Pixel, Nexus phones with latest Android Nougat update
Replies
0
Views
26
Jeff Causey
J
C
The next iPhone’s fingerprint sensor could be like nothing you’ve ever seen
Replies
0
Views
16
Chris Smith
C
M
If you drive for Uber, you need a dash cam – here are Amazon’s 5 best-selling models
Replies
0
Views
12
Maren Estrada
M
D
Bank of America app gains fingerprint sign-in thanks to Google’s Marshmallow API
Replies
0
Views
40
Doug Demagistris
D
Back
Top