5

I'm developing an app that requests the user to log in (email/password) before being able to proceed to the rest of the app.

I implemented fingerprint scanning, and the code correctly validates that the fingerprint is one of those enrolled in the device's list of authorized fingerprints.

My issue is that I want to be able to associate both situations: something like the user logging in with email/password, then going to a screen where he can associate his fingerprint with the account he just logged in to, and then in the future, whenever he logs in with the fingerprint on the app, the app would send some kind of unique key representing the fingerprint to the server, and the server would know that such key matched the key of such user (saved previously when the fingerprint was associated with the account) and return the info of that user.

From what I researched, it seems that it's not possible to associate a specific fingerprint, since they are associated with the device, but working as an authentication for the device would also work, since we assume that only one user uses that specific phone, and even if different people have access to the phone and have their fingerprints enrolled as allowed, the app would always log in using the same user.

In order to have this behavior I need some kind of unique, unchanging key that would represent a user/fingerprint. Is it possible? When receiving the response in `onAuthenticationSucceeded`, could I retrieve that information from the `AuthenticationResult`?

Thanks in advance.

Pmsc
  • Possible duplicate of [Understanding Android Fingerprint API authenticate() in depth](http://stackoverflow.com/questions/37804791/understanding-android-fingerprint-api-authenticate-in-depth) – LaurentY Apr 13 '17 at 13:01
  • Did you find any solution to your issue? I am facing a similar problem; I searched everything and read everything and still didn't get any proper solution. Please help. – Zar Saeed Apr 09 '18 at 07:21
  • @ZarSaeed, no, I didn't find any solution yet, because afaik there's no such unique ID by design. It's not meant to exist, and the fingerprint feature should work without knowing which user that fingerprint belongs to. All it cares about is that the fingerprint is authorized by the device to perform that action. – Pmsc Apr 10 '18 at 08:23
  • Hope the API provides a solution to this scenario in a future release. – Zar Saeed Apr 10 '18 at 08:36

1 Answer

-2

The method below tells fingerprints apart. Use it at your own risk as this solution may not be supported in future updates.

```java
/**
 * Obtain the Fingerprint associated with this operation. Applications are strongly
 * discouraged from associating specific fingers with specific applications or operations.
 *
 * @hide
 */
public Fingerprint getFingerprint() { return mFingerprint; }
```

This method is not publicly available in the API; therefore, it has to be accessed with reflection.

Aydinozkan