Android fingerprint detect new finger added

Question

How to detect if the user add new fingerprint to Android settings after he/she authenticate finger inside my application ?

i.e. iOS have something called (evaluatedPolicyDomainState) to detect changes in fingerprint catalog what is the alternative in Android ?

This require for security reasons to prompt password in this case

It's not possible in Android. – LaurentY Jun 14 '17 at 10:17 — LaurentY, Jun 14 '17 at 10:17
Thanks hope they support such thing soon – Sameer Jun 14 '17 at 10:32 — Sameer, Jun 14 '17 at 10:32

score 16 · Accepted Answer · answered Jul 05 '17 at 12:49

16

From the documentation for setUserAuthenticationRequired:

The key will become irreversibly invalidated once the secure lock screen is disabled (reconfigured to None, Swipe or other mode which does not authenticate the user) or when the secure lock screen is forcibly reset (e.g., by a Device Administrator). Additionally, if the key requires that user authentication takes place for every use of the key, it is also irreversibly invalidated once a new fingerprint is enrolled or once no more fingerprints are enrolled, unless setInvalidatedByBiometricEnrollment(boolean) is used to allow validity after enrollment. Attempts to initialize cryptographic operations using such keys will throw KeyPermanentlyInvalidatedException.

So to check if any new fingerprints have been enrolled since you created your fingerprint-associated key, just create a cipher with that key and try to init the cipher. If any new fingerprints have been enrolled, the init call should trigger a KeyPermanentlyInvalidatedException.

answered Jul 05 '17 at 12:49

Michael

57,169
9
80
125

Do you have link for article that describe details of the step – Sameer Sep 13 '17 at 05:03
I don't know of such an article. Just implement fingerprint authentication the way you normally would (I'm sure you can find tutorials for that with google) and make sure to handle all exception that the documentation says might be thrown. The one you're interested in for detecting if additional fingerprints have been enrolled is `KeyPermanentlyInvalidatedException`. – Michael Sep 13 '17 at 08:47
https://medium.com/@ghodasarabhaumik/android-fingerprint-enrolment-detection-detect-fingerprint-added-removed-68f8189766f9 – Bhaumik Ghodasara Oct 13 '22 at 10:59
THis doens't seem to work from Androd 9 Pie and bellow – htafoya Nov 17 '22 at 21:00

score 2 · Answer 2 · answered Nov 22 '18 at 01:46

I can get all finger id in integers.

private void getFingerprintInfo(Context context) 
{
    try {
        FingerprintManager fingerprintManager = (FingerprintManager) context.getSystemService(Context.FINGERPRINT_SERVICE);
        Method method = FingerprintManager.class.getDeclaredMethod("getEnrolledFingerprints");
        Object obj = method.invoke(fingerprintManager);

        if (obj != null) {
            Class<?> clazz = Class.forName("android.hardware.fingerprint.Fingerprint");
            Method getFingerId = clazz.getDeclaredMethod("getFingerId");

            for (int i = 0; i < ((List) obj).size(); i++)
            {
                Object item = ((List) obj).get(i);
                if(item != null)
                {
                    System.out.println("fkie4. fingerId: " + getFingerId.invoke(item));
                }
            }
        }
    } catch (NoSuchMethodException | IllegalAccessException | InvocationTargetException | ClassNotFoundException e) {
        e.printStackTrace();
    }
}

please refer to this: https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/hardware/fingerprint/Fingerprint.java

there is a public method getFingerId( ), but it is not available for us to call because it has "@UnsupportedAppUsage".

so you need to use reflection to call the method. after you get a list of fingerprint id, you can encrypt them and store in sharedPreference.

Finger id is the id of the fingerprints stored in setting

After you get all finger ids, you can determine if user has added/deleted a fingerprint.

No need to count on the KeyPermanentlyInvalidatedException. It is not thrown in Android 8.0

Good luck!!!...

don't believe google did such a poor job

I've tested it and it seems a nice approach so far but one using it should be aware about two things: (1) the sequential id generated by some vendors (check [here](https://issuetracker.google.com/issues/65578763#comment26) for more info) and, in addition to that, (2) the fact that `getEnrolledFingerprints` has sadly been greylisted (check [here](https://developer.android.com/distribute/best-practices/develop/restrictions-non-sdk-interfaces) for info), which means this won't work if your app targets API 29+. — gbazilio, Jun 24 '19 at 23:45
I want to add on what said gbazilio that `getFingerId()` not return a valid fingerId on Samsung devices, it return an index (1, 2, 3, ...) that can not be useful to check if a new fingerprint is added.
Also there are 4 other function that i tested but not very usefull like : `getName()` , `getGroupId()` , `getDeviceId()` and `describeContents()`.
The `getName()`may can be usefull if it is concatenated with index but the problem here is when you delete the last fingerprint saved and create other with the same name — Mohamed Ali Benmansour, Nov 07 '19 at 11:17
It seems the variable is modified in provided class. And can not be used anymore. :( — Navinpd, Jun 24 '20 at 08:42

score 0 · Answer 3 · answered Jul 19 '23 at 05:10

    private String getFingerprintInfo(Context context) throws NoSuchMethodException, IllegalAccessException, InvocationTargetException, ClassNotFoundException {
        FingerprintManager fingerprintManager = (FingerprintManager) context.getSystemService(Context.FINGERPRINT_SERVICE);
        Method method = FingerprintManager.class.getDeclaredMethod("getEnrolledFingerprints");
        Object obj = method.invoke(fingerprintManager);
        String allFingerPrintInfo = "";
        if (obj != null) {
            Class<?> clazz = Class.forName("android.hardware.fingerprint.Fingerprint");
            for (int i = 0; i < ((List) obj).size(); i++) {
                Object fingerPrint = ((List) obj).get(i);
                if (fingerPrint != null) {
                    String fingerPrintInfo = "";
                    if (Build.VERSION.SDK_INT > Build.VERSION_CODES.P) {
                        Parcel p = Parcel.obtain();
                        p.setDataPosition(0);
//                        Method writeToParcel = clazz.getDeclaredMethod("writeToParcel", Parcel.class, Integer.class);
                        clazz.getDeclaredMethods()[1].invoke(fingerPrint, p, 0);
                        p.setDataPosition(0);
                        fingerPrintInfo = p.readString() + "_" + p.readInt() + "_" + p.readLong();
                    } else {
                        Method getFingerId = clazz.getDeclaredMethod("getFingerId");
                        fingerPrintInfo = (String) getFingerId.invoke(fingerPrint);
                    }
                    allFingerPrintInfo += fingerPrintInfo + "*";
                }
            }

        }

        return allFingerPrintInfo;

    }

Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). — Community, Jul 23 '23 at 14:01

score -1 · Answer 4 · answered Apr 15 '21 at 09:35

/**
 * Generate NIST P-256 EC Key pair for signing and verification
 *
 * @param keyName
 * @param invalidatedByBiometricEnrollment
 * @return
 * @throws Exception
 */
@TargetApi(Build.VERSION_CODES.P)
private KeyPair generateKeyPair(String keyName, boolean invalidatedByBiometricEnrollment) throws Exception {
  KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
  KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(keyName,
      KeyProperties.PURPOSE_SIGN)
      .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
      .setDigests(KeyProperties.DIGEST_SHA256,
          KeyProperties.DIGEST_SHA384,
          KeyProperties.DIGEST_SHA512)
      // Require the user to authenticate with a biometric to authorize every use of the key
      .setUserAuthenticationRequired(true)
      .setInvalidatedByBiometricEnrollment(invalidatedByBiometricEnrollment);
  keyPairGenerator.initialize(builder.build());
  return keyPairGenerator.generateKeyPair();
}

score -4 · Answer 5 · answered Jul 03 '17 at 19:07

-4

You can't add new fingerprints from your app.

Inside your application you only have access to the Auth Fingerprint Method which checks against registered fingerprints through the keyStore.

answered Jul 03 '17 at 19:07

julien bouteloup

3,022
22
16

Needs more elaboration on how we can detect new fingerprint registration. – Jignesh May 31 '22 at 06:57

Android fingerprint detect new finger added

5 Answers5

Linked