Comparing Huawei FIDO Biometric Authentication to Android Biometric Library
Introduction
Greetings dear reader,
In this article, I will explain two possible ways you can add biometric authentication to your Android app. Huawei FIDO (Fast Identity Online) provides biometric authentication in the form of fingerprint and facial recognition. But what is the difference between Huawei FIDO and the Android Biometric library? What advantages and disadvantages do they have over each other?
Huawei FIDO
Huawei FIDO is a kit designed to provide you with FIDO2 client capabilities that are based on the WebAuthn standards alongside biometric authentication capabilities such as fingerprint and facial recognition. Huawei FIDO comes with a system integrity check API, which confirms that the device you are using is secure and isn’t compromised. Please do note that Huawei FIDO is officially supported only on Huawei phones and is not guaranteed to run on non-Huawei devices.
Huawei FIDO provides two SDKs for fingerprint authentication capabilities:
- BioAuthn
- BioAuthn-AndroidX
The main difference between these two SDKs is that the AndroidX SDK provides a ready-to-use user interface for fingerprint authentication and does not require a custom one, whereas the BioAuthn SDK provides no such user interface and the developer needs to design their own for fingerprint authentication. We will be using the AndroidX SDK in this article.
Use case scenarios for Huawei FIDO usually require the user to be the physical owner of the device, such as signing in, confirming a payment or accessing other sensitive data.
Android Biometric Library
Android Biometric Library is an evolution of the FingerprintManager introduced in Android 6. On devices that run Android 10 or higher, it allows various biometrics such as the user’s face, fingerprint or iris to be used for authentication, rather than being limited to fingerprints.
Coding
To keep the article simple, we will skip some of the integration steps. If you wish to learn more about integration of kits provided by Huawei, you can follow the link under the References title.
1. Integrating the SDK
Add the SDK to your App-level build.gradle file:
2. Using the code blocks
Before we start using device sensors to authenticate our biometric data, we need to make sure our device has biometric support and those sensors are available:
One thing to note here is that the AndroidX Biometric library provides a single manager in the form of BiometricManager. You call its canAuthenticate() method with the BIOMETRIC_STRONG or BIOMETRIC_WEAK parameter; these roughly correspond to more and less trustworthy authentication methods. In contrast, Huawei FIDO provides two different managers for fingerprint and facial authentication. This allows you to easily choose which one you want to use or disable. Please note that facial authentication is only supported on devices that run on API level 29 and support facial authentication. Some devices may not support facial authentication.
For the authentication process, you first need to create a callback object which will run the corresponding interface based on the result of the authentication API. Then, you will use this callback object as a parameter in your prompt class’ constructor:
Create and initialize your Prompt instance:
Create an Info builder instance and customize the pop-up window as required. You are now ready to use your desired authentication method:
You will notice that Huawei FIDO’s facial authentication is a bit different from its fingerprint authentication. That is because it does not provide a ready-to-use pop-up user interface like fingerprint authentication does.
Notice the boolean we are setting to true in line 69. This will allow users to authenticate with their device PIN or pattern instead. On the other hand, the AndroidX Biometrics library does not provide you this functionality without manually checking for device security and API version.
builder.setDeviceCredentialAllowed(true)
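The AndroidX side of the capability check and the PIN/pattern fallback described above, as an added Kotlin example that is not code from the original article. It assumes androidx.biometric 1.1.0 or later; the function names, the Readiness type and the prompt strings are hypothetical.

```kotlin
import android.content.Context
import android.os.Build
import androidx.biometric.BiometricManager
import androidx.biometric.BiometricManager.Authenticators.BIOMETRIC_STRONG
import androidx.biometric.BiometricManager.Authenticators.DEVICE_CREDENTIAL
import androidx.biometric.BiometricPrompt

// Hypothetical helper: picks an authenticator set that build() accepts.
fun allowedAuthenticators(allowPinFallback: Boolean): Int {
    // BIOMETRIC_STRONG or DEVICE_CREDENTIAL is rejected by build() on API 28-29.
    // BIOMETRIC_WEAK or DEVICE_CREDENTIAL would work there but lowers the
    // biometric class, so this sketch drops the fallback on those versions.
    val comboSupported =
        Build.VERSION.SDK_INT !in Build.VERSION_CODES.P..Build.VERSION_CODES.Q
    return if (allowPinFallback && comboSupported) {
        BIOMETRIC_STRONG or DEVICE_CREDENTIAL
    } else {
        BIOMETRIC_STRONG
    }
}

// Hypothetical result type for the pre-flight check.
sealed class Readiness {
    object Ready : Readiness()
    object NeedsEnrollment : Readiness()          // hardware present, nothing enrolled
    data class Unavailable(val code: Int) : Readiness()
}

fun checkReadiness(context: Context, authenticators: Int): Readiness =
    when (val code = BiometricManager.from(context).canAuthenticate(authenticators)) {
        BiometricManager.BIOMETRIC_SUCCESS -> Readiness.Ready
        BiometricManager.BIOMETRIC_ERROR_NONE_ENROLLED -> Readiness.NeedsEnrollment
        // No hardware, hardware busy, security update required, unsupported, unknown.
        else -> Readiness.Unavailable(code)
    }

fun buildPromptInfo(authenticators: Int): BiometricPrompt.PromptInfo {
    val builder = BiometricPrompt.PromptInfo.Builder()
        .setTitle("Confirm it is you")            // constructed sample text
        .setAllowedAuthenticators(authenticators)
    // build() throws if a negative button is set while DEVICE_CREDENTIAL is
    // allowed, and also if it is missing while DEVICE_CREDENTIAL is not allowed.
    if ((authenticators and DEVICE_CREDENTIAL) == 0) {
        builder.setNegativeButtonText("Cancel")
    }
    return builder.build()
}
```

Call checkReadiness() with the same authenticator value you pass to buildPromptInfo(), so the pre-flight result matches what the prompt will actually accept.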
Finally, calling the authentication functions except for facial authentication will result in a pop-up looking like this:
Conclusion
And that’s it, you have successfully added fingerprint authentication to your app using either AndroidX Biometrics or Huawei FIDO. They are both robust and reliable, and their usage is very similar. Android Biometric Library requires a bit more case handling, while Huawei FIDO is easier to set up and use. For example, it is more difficult for the developer to force a facial authentication in Android Biometric Library compared to Huawei FIDO, but that is a privacy and reliability concern which is out of the scope of this article.
If you wish to have even more security, you can use a CryptoObject as well, which is your authentication keystore stored on your device. That way, the scan isn’t in your memory and only your application can access the fingerprint, making sure the fingerprint keystore is safe and sound alongside the system integrity check.
For more information regarding the usage of CryptoObject and other capabilities provided by both the Huawei FIDO Kit and Android Biometric Library, or their drawbacks, you can visit their respective official documentation in the references section below.
Thank you for your time, and have a good day!