4

We want to use the in-built fingerprint sensor to capture fingerprint. We don't want to validate it or run a fingerprint matching algorithm. We just want the fingerprint data which will be sent to the server for storage purposes(even here we don't have to validate it or run a fingerprint matching algorithm). The fingerprint will only be stored as a reference.

I know that we cannot get fingerprint data from the fingerprint sensor. We can only get it to validate the users when making payments. I also know that we cannot get accurate fingerprint from the touch screen and camera.

We do not want to use external fingerprint sensor hardware at the moment (it's the last resort).

My argument here is that we don't want to get the stored fingerprint data of the user. So, when the phone is an unlocked state, can we get the fingerprint data of any other user in the app.

halfer
  • 19,824
  • 17
  • 99
  • 186
prash32
  • 75
  • 1
  • 8
  • 1
    You've listed many things you don't want to do. Can you clarify what it is you DO want to do? – degs Jan 30 '17 at 06:22
  • Sorry to have not been able to explain properly. Our users will be on the field providing services to the general people. I want to have a record that the person was actually there himself to provide the service by using his finger print. There will be a booth where all the users will come from time to time to scan their finger and let us know that they have provided a particular service. – prash32 Jan 30 '17 at 06:34
  • Procure a fingerprint reader scanner which you can interface with your Android device via a USB port then integrate it with the Android app you build for fingerprint authentication. – Joseph Feb 01 '17 at 20:33

1 Answers1

4

Android fingerprint authentication is designed specifically to make it impossible to do what you want. From android website:

Thus, raw images and processed fingerprint features must not be passed in untrusted memory. All such biometric data needs to be secured within sensor hardware or trusted memory. (Memory inside the TEE is considered as trusted memory; memory outside the TEE is considered untrusted.)

So the simpliest way - use external sensor.

Dmitrii Nechepurenko
  • 1,414
  • 1
  • 11
  • 13
  • Yes, I have proposed my client to use an external sensor which has an Android SDK. But, was trying to save clients cost by looking at other options. It is sad that we can't use finger print sensor data when the device is already unlocked. – prash32 Jan 30 '17 at 08:32
  • @prash32 Could you please let me know the integration tutorials for implementing an external sensor that has an Android SDK? – sommesh Jan 09 '20 at 05:16