I want to create an Android app that search by fingerprint for users.
Every user will have account, I want store the fingerprint of every user in database and when I read any fingerprint I will search in my database for user how has this fingerprint.
How I can do it using Android? Would Google Fingerprint API help me?
You cannot store fingerprint on database. Exactly you can't even get the fingerprint object, it's not possible. How fingerprint works on Android is to authenticate to the device (Android system).
Maybe you are asking why google doesn't provide the info about each user's fingerprint. It is because of security, if people can get the fingerprint object, people can crack the android system and hack into people's phone.
Related
I am currently following this guide: https://developer.android.com/training/sign-in/biometric-auth, and using android 11 to test it.
I want to use fingerprint authentication in my app, however the code from the link above works only with the fingerprint that is stored on the device. Meaning it doesn't work unless you have set up fingerprint authentication as your lock screen.
Is it possible to store fingerprint credentials in an android app which will be independent of the device's fingerprint?
Is it possible to store fingerprint credentials in an android app which will be independent of the device's fingerprint?
No, sorry, not with stock Android biometrics support.
I'm developing an android banking app and want users to stay logged in even after app is shut down. My idea to make this as secure as possible was to store a unique device id in the JWT and then extract the id from the token and compare it to the device id fetched from device at startup of app.
I would store the token in SharedPreferences, however, I just read that these device id's are not always unique due to people rooting they're phones. What would be the best solution? How can I be sure that the token I'm verifying at startup, is given to that user/device? I don't necessarily need to use device id's so any other secure option is welcome.
I don't think it's a good idea to have a persistable login session inside something as sensitive as banking app, but if you insist:
Use SafetyNet Attestation API for checking if the device you're running your app on is rooted and if it is, prevent the user from interacting. Once you did that just use regular SharedPreferences with Mode.PRIVATE and no one should be able to read this data outside of your app.
I am trying to login in Android app using Firebase Auth (phone).
It works perfectly when in debug apk.
But it does not work if the apk is signed (using the signature.jks file). and says : "Unknown error" in phone after input of phone number.
I looked through different question in Stack Overflow too but they suggest to add SHA key to playstore console. But that does not make sense. What if I want to publish the apks in amazon market or other android app market? Firebase forbids that?
Is there any solution to it? I must be missing a tiny point but I am lost to find it.
You don't need to add SHA-1 fingerprint of your release key to Google Play Console. But, to enable Firebase Authentication, you need to add it in Firebase Console. Follow the steps given here.
I am coming right now from solving this issue.
Each playstores impose their own SHA1 and SHA256 key. So grab that and go to your firebase console and add it there.
Voila it will work!!
I have enabled Google Drive API on Google Developer Console and created a service account credential which is bundled with a service account ID and key ID. Despite that I have tried various ways to manage my own Google Drive account, I could not find a solution which fits for my aim. I need to upload, download and delete the files stored in my own Google Drive. The application that I am going to connect Google Drive is a console one which will be solely used for an academic research.
it's pretty simple. The steps to achieve this are at How do I authorise an app (web or installed) without user intervention? (canonical ?)
Be careful about how securely the refresh token is being stored and what scopes you grant to the app.
I am developing one app in which user will be able to login with fingerprint. As far as I know the storage of fingerprint is local O.S dependent. If I want to achieve this through server end how can I make it work ?
Ex. If a user enter a user name, He or she will be asked to enter
password or use his finger print for login. Based on username and
fingerprint his/her desired role will be recognized.
Please add your valuable replies.
You're correct that the fingerprint data is completely handled by the OS. In fact, your app won't even be able to distinguish between the different enrolled fingerprints.
All you can do is help a faster login using the device enrolled fingerprints (although be aware that any enrolled fingerprint can be used for authenticating the user).
May be this Android Developer's blogpost can help with further details.