Android 10 Biometric Manager Security
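Android began deprecating FingerprintManager in late 2019 in favor of BiometricManager. This update is good news for developers and designers, because they no longer need to solve many tedious biometric design and behavior problems.
However...
- This prevents developers from avoiding less secure biometric options, and the only workaround seems to be falling back to FingerprintManager to ensure that a secure authentication method is used. Case in point: unlike Apple, Samsung has not properly solved face recognition, and security concerns force companies not to treat all biometrics as equally secure.
Manufacturers like Samsung warn you about face recognition not being a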
strong check as the device can be tricked with a picture. What if you
are developing a banking app and concerned about the security and
reliability of these new biometric authentication methods? What if you
are designing and building an app that has to work just with
fingerprints? Then the FingerprintManager comes into play.
However, if you are concerned about the security of these new
biometrics or have a design constraint and you want to restrict the
biometric authentication to use just fingerprints, your best solution
is to use the deprecated FingerprintManager.
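- In other news, the Pixel 4 does not support fingerprint authentication and instead implements secure face recognition that can be used by various banking apps, including Google Pay, etc.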
https://www.androidcentral.com/why-google-dropped-fingerprint-sensor-and-why-thats-bad-thing
As you reach for Pixel 4, Soli proactively turns on the face unlock
sensors, recognizing that you may want to unlock your phone. If the
face unlock sensors and algorithms recognize you, the phone will open
as you pick it up, all in one motion. Better yet, face unlock works in
almost any orientation—even if you're holding it upside down—and you
can use it for secure payments and app authentication too.
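New best practices and newer phones sound great, but this complicates things when various OEMs implement insecure biometrics. As app developers, how should we handle this conundrum?
Starting with Android 11, we can check the biometric authentication strength defined by
BiometricManager.Authenticators. The authenticators define whether a biometric is strong or weak.
You can read more at the link below
BiometricManager.Authenticators
Currently only the developer preview of Android 11 is out. So I'm not sure what the final version of biometrics will look like.
Quoting from the Android Developers Blog,
You can read more about the features in the developer preview here,
The Authenticators interface has constants that define whether a biometric is weak or strong.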
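
The strength check the answer describes, as an added example that is not part of the original post: it uses the Android 11 (API 30) framework calls `BiometricManager.canAuthenticate(int)` and `BiometricPrompt.Builder.setAllowedAuthenticators(int)` with `BIOMETRIC_STRONG`. The function name, callbacks and prompt strings are hypothetical, and the app is assumed to declare the `USE_BIOMETRIC` permission.

```kotlin
import android.content.Context
import android.hardware.biometrics.BiometricManager
import android.hardware.biometrics.BiometricManager.Authenticators.BIOMETRIC_STRONG
import android.hardware.biometrics.BiometricPrompt
import android.os.Build
import android.os.CancellationSignal
import androidx.annotation.RequiresApi

// Hypothetical helper (name, callbacks and strings are illustrative assumptions).
@RequiresApi(Build.VERSION_CODES.R)
fun authenticateStrongOnly(
    context: Context,
    onSuccess: () -> Unit,
    onRefused: (reason: String) -> Unit
) {
    val manager = context.getSystemService(BiometricManager::class.java)

    // Query Class 3 (strong) only, so a weak OEM face unlock does not satisfy the check.
    val status = manager.canAuthenticate(BIOMETRIC_STRONG)
    if (status != BiometricManager.BIOMETRIC_SUCCESS) {
        onRefused(
            when (status) {
                BiometricManager.BIOMETRIC_ERROR_NONE_ENROLLED -> "no strong biometric enrolled"
                BiometricManager.BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED ->
                    "sensor is blocked until a security update is installed"
                else -> "no usable strong biometric hardware"
            }
        )
        return
    }

    val prompt = BiometricPrompt.Builder(context)
        .setTitle("Confirm payment")
        // Restrict the prompt itself, not only the pre-check, to strong biometrics.
        .setAllowedAuthenticators(BIOMETRIC_STRONG)
        // A negative button is mandatory when DEVICE_CREDENTIAL is not allowed.
        .setNegativeButton("Cancel", context.mainExecutor) { _, _ -> onRefused("cancelled") }
        .build()

    prompt.authenticate(
        CancellationSignal(),
        context.mainExecutor,
        object : BiometricPrompt.AuthenticationCallback() {
            override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) =
                onSuccess()
            override fun onAuthenticationError(errorCode: Int, errString: CharSequence) =
                onRefused(errString.toString())
        }
    )
}
```

This restricts by strength class, not by modality: a face sensor that the device reports as Class 3 is accepted alongside fingerprint.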