BiometricPromptCompat:禁用 Iris/Face 识别(仅允许指纹)
BiometricPromptCompat: Disable Iris/Face recognition (only allow fingerprints)
我有一个应用程序使用 BiometricPrompt 来实现基于生物识别的身份验证。我注意到有些设备提供 Iris/Face 识别作为指纹扫描的一个选项。
我希望我的应用程序只允许指纹扫描。有可能只允许这个吗?或者,是否可以确定用户选择的身份验证方法,以便我可以在回调代码中拒绝该请求?
在 authenticate 方法中传递 CryptoObject 以启用强身份验证。
在Android中,face/Iris和Fingerprint.
有不同的措施
根据最新的 Android 生物识别 API 文档,没有办法只允许指纹扫描。
我的担心是无效的
这是官方话:
While both strong and weak biometrics will be allowed to unlock a
device, weak biometrics:
Require the user to re-enter their primary PIN, pattern, password or a
strong biometric to unlock a device after a 4-hour window of
inactivity, such as when left at a desk or charger. This is in
addition to the 72-hour timeout that is enforced for both strong and
weak biometrics.
Are not supported by the forthcoming BiometricPrompt
API, a common API for app developers to securely authenticate users on
a device in a modality-agnostic way.
Can't authenticate payments or
participate in other transactions that involve a KeyStore auth-bound
key.
Must show users a warning that articulates the risks of using the
biometric before it can be enabled.
These measures are intended to
allow weaker biometrics, while reducing the risk of unauthorized
access.
https://android-developers.googleblog.com/2018/06/better-biometrics-in-android-p.html
我有一个应用程序使用 BiometricPrompt 来实现基于生物识别的身份验证。我注意到有些设备提供 Iris/Face 识别作为指纹扫描的一个选项。
我希望我的应用程序只允许指纹扫描。有可能只允许这个吗?或者,是否可以确定用户选择的身份验证方法,以便我可以在回调代码中拒绝该请求?
在 authenticate 方法中传递 CryptoObject 以启用强身份验证。
在Android中,face/Iris和Fingerprint.
根据最新的 Android 生物识别 API 文档,没有办法只允许指纹扫描。
我的担心是无效的
这是官方话:
While both strong and weak biometrics will be allowed to unlock a device, weak biometrics:
Require the user to re-enter their primary PIN, pattern, password or a strong biometric to unlock a device after a 4-hour window of inactivity, such as when left at a desk or charger. This is in addition to the 72-hour timeout that is enforced for both strong and weak biometrics.
Are not supported by the forthcoming BiometricPrompt API, a common API for app developers to securely authenticate users on a device in a modality-agnostic way.
Can't authenticate payments or participate in other transactions that involve a KeyStore auth-bound key.
Must show users a warning that articulates the risks of using the biometric before it can be enabled.
These measures are intended to allow weaker biometrics, while reducing the risk of unauthorized access.
https://android-developers.googleblog.com/2018/06/better-biometrics-in-android-p.html