A Guide to Implement Biometric Authentication

Rahul Ray
Rahul Ray
Jan 12 · 5 min read

To make user experience smoother many apps are moving towards biometric login instead of traditional username and password based process.

By using biometric login, instead of having to remember an account username and password every time to open your app, users can just use their biometric credentials to confirm their presence and authorize access to the private content.

How Biometric Authentication works

In username-password authentication, the app sends the credentials to a server and then the server generates and returns a token for that particular user which will be used to login in the app.

In the case of biometric, things get little bit different. This time also you will have to use username-password and get a token from the server but the token will be encrypted using a secret key backed up by the user’s biometrics and then it will be stored in the memory of the app. Next time the user needs to login, instead of asking the server for the token, the stored token will be decrypted using their biometrics.

Now let’s start writing some code!

Start by creating a new project in Android studio with an Empty activity.

In your build.gradle file of the app module, add the following gradle dependency.

We will create a CryptographyManager interface to handle encryption, decryption and storage of the user token.

Here we have declared functions for initiliazation of encryption/decryption, encryption/decryption of data and storing of Ciphers with the respective parameters.

Now we will create an implementation class for this interface. In this class we will override each function and give them implementations one by one.

Firstly, we will define variables which we will be using in our implementations.

Override the getInitializedCipherForEncryption() method followed by getOrCreateSecretKey() and getCipher() functions as follows:

Firts we created a Cipher using a transformation string. Then we generated a secret key using the keyname passed as a parameter.

In the getOrCreateSecretKey() function we used Android Keystore which lets you store cryptographic keys in a container to make it more difficult to extract from the device. To generate key we used KeyGenParameterSpec.Builder to define some params. Then we generate a KeyGenerator using AES (Advanced Encryption Standard) algorithm and Android Keystore. Then we initialize the keygenerator with the defined params and return the generated key.

override getInitializedCipherForDecryption() method

In this function again we will get the cipher and secret key from the method defined above. This time we will initialize the cipher in the decryption mode using Galois/Counter Mode (GCM) mode.

override encryptData and decryptData functions.

The encryptData() function takes a string and a cipher as parameters and returns a CipherTextWrapper() (which is a data class to wrap cipher text and initialization vector that we will create next).

Similarly decryptData function takes a byte array and a cipher to decrypt and return a string.

Before moving ahead we will create a CipherTextWrapper class.

I have also override the equals() and hashcode() as recommended by Android studio.

Now let’s override the remaining functions

These functions are responsible for saving and retrieving CipherTextWrapper from SharedPreferences.

Now let’s look at the complete CryptographyManagerImpl class

To get an instance of this private CryptographyManagerImpl class, we will use the top level function

Now we will create a BiometricPromptUtils class. This file contains two functions. First is createBiometricPrompt which returns a BiometricPrompt

This function takes activity and BiometricPrompt.AuthenticationResult. We have implemented BiometricPrompt.AuthenticationCallback for various states of authentication like failure, error and success. Then we return a BiometricPrompt by passing activity,main executor and authentication callback to it.

Next we have createPromptInfo() which returns a BiometricPrompt.PromptInfo

This function takes an activity as a parameter. It is responsible for building a prompt with various params like title, subtitle, description, etc.

Next, we will be creating a Constants.kt file to define some constants.

Now we will setup login functionality with a sample user

First create a sample user object

Then we will create class to define states of login form

Then create a data class for defining result of login

Then build all business logic in LoginViewModel. In this class we will build all our logic for login with validation and create a sample user with a fake token.

Now, create a layout file activity_login.xml

Now, we will create LoginActivity and implement biometric authentication

First we will declare some global variable which will be required in future

Setup onCreate() method

Here, first we check if the device can authenticate using Biometric or not. If it can then we check if there is any CipherTextWrapper present in the memory or not. If it is present then we call for showing biometric prompt for decryption otherwise we take the user to create a biometric credential in the EnableBiometricLoginActivity class. After that we again check for CipherTextWrapper to handle username-password based login.

Next we will define showBiometricPromptForDecryption() method followed by decryptTokenFromStorage() method

Here first we will get a cipher for decryption from cryptographyManager. Then create a biometric prompt using createBiometricPromt(). Now if the authetication succeeded then get a AuthenticationResult object returned from it. Using that object we can decrypt CipherText in CipherTextWrapper and get the decrypted token and assign it to user. After that we can update the status of user as per our use case.

Define the setupForLoginWithPassword() method

This method observes on the login state and result to update the UI.

Now we will update onResume() method to check whether biometric prompt needs to be shown or not.

Now, we will implement EnableBiometricLoginActivity to enable biometric encrytion with the token.

First of all, let’s declare some global variables which will be needed in future

Now in onCreate() we will handle all the observers of login states and result to update the UI.

Upon success login showBiometricPromptForEncryption() function will be called to encrypt biometric with the token which will be dicussed next.

This function first checks if the device can authenticate using biometric or not. If it does, it creates a BiometricPrompt for encryption and upon authentication succeeded it encrypts and store the token in the sharedpreferences using encryptAndStoreToken() function.

encryptAndStoreToken() function takes AuthenticationResult as a parameter and using that it encrypts and saves toke in the memory in the form of CipherTextWrapper.

Now build and run your app. I have attached a demo of the app below.

Congrats 🎉! You have successfully implemented Biometric authentication in your app.

For complete code reference checkout this Github repository

The Startup

Get smarter at building your thing. Join The Startup’s +788K followers.

Sign up for Top 10 Stories

By The Startup

Get smarter at building your thing. Subscribe to receive The Startup's top 10 most read stories — delivered straight into your inbox, once a week. Take a look.

By signing up, you will create a Medium account if you don’t already have one. Review our Privacy Policy for more information about our privacy practices.

Check your inbox
Medium sent you an email at to complete your subscription.

The Startup

Get smarter at building your thing. Follow to join The Startup’s +8 million monthly readers & +788K followers.

Rahul Ray

Written by

Rahul Ray

Android app developer at ManthonGo. Persuing M.sc. Informatics at Institute of informatics and Communication (IIC), University of Delhi

The Startup

Get smarter at building your thing. Follow to join The Startup’s +8 million monthly readers & +788K followers.

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store