Android Fingerprint only allows 5 attempts at a period of time

Question

I am developing an Android App that requires fingerprint to open an Activity. I just noticed when I unlock my phone using my fingerprint, the number of attempts to scan a fingerprint in my app only becomes 4.

For example:

Phone is unlocked
Unlock phone using fingerprint
Open my fingerprint app
Cannot attempt to scan a fingerprint more than 4 times

Another scenario:

Fingerprint app is open
Only 5 attempts will be accepted, app will no longer attempt to scan a fingerprint
Wait for a period of time, again, only 5 attempts within a duration will be accepted

Is there a workaround for this?

score 6 · Accepted Answer · edited Oct 19 '17 at 07:55

6

I did some research and found the Android 6.0 Compatibility Definition Document.

This was stated under the Fingerprint Sensor section:

Device implementations with a secure lock screen SHOULD include a fingerprint sensor. If a device implementation includes a fingerprint sensor and has a corresponding API for third-party developers, it:

MUST rate limit attempts for at least 30 seconds after 5 false trials for fingerprint verification.

So.. I guess there's no workaround for this at the moment.

edited Oct 19 '17 at 07:55

Michał Tajchert

10,333
4
30
47

answered May 11 '16 at 03:36

Dale Julian

1,560
18
35

1

Corrent document link is here -> https://source.android.com/compatibility/6.0/android-6.0-cdd#7_3_10_fingeprint – Michał Tajchert Oct 19 '17 at 07:54
1

shortly: maximum = 5 false trials Thanks – Ahmed Nabil Dec 18 '18 at 08:46
> [C-1-5] MUST rate limit attempts for at least 30 seconds after five false trials for fingerprint verification. https://source.android.com/compatibility/android-cdd#7_3_10_1_fingerprint_sensors – Keisuke KATO Jun 04 '19 at 03:47

score 3 · Answer 2 · answered Oct 28 '20 at 04:41

Came across this stackoverflow when searching for the same issue I was having.

Anyways, with the latest API BiometricPrompt, we can now customize the behavior by overriding the AuthenticationCallback

BiometricPrompt.AuthenticationCallback() {
    override fun onAuthenticationError(
        errorCode: Int,
        errString: CharSequence
    ) {
        super.onAuthenticationError(errorCode, errString)
    }

    override fun onAuthenticationSucceeded(
        result: BiometricPrompt.AuthenticationResult
    ) {
        super.onAuthenticationSucceeded(result)
    }

    // called when an attempt to authenticate with biometrics fails
    // i.e. invalid fingerprint
    override fun onAuthenticationFailed() {
        super.onAuthenticationFailed()
        // keep track of a counter here and decide when to dismiss the dialog
        biometricPrompt?.cancelAuthentication()
    }
}

Android Fingerprint only allows 5 attempts at a period of time

2 Answers2