With the introduction of Google's Fingerprint Authentication API, the worlds most rife mobile OS has place its weight behind the move towards fingerprint authentication.

With this API, Google has created a native approach for fingerprint authentication across all devices of Android. Developers will currently certify their users on associate degree app-by-app basis for everything from mobile purchases to app sign-in screens and additional with simply the faucet of a finger. There are solely 3 needs for a use to be eligible.

1.The user's device should have a fingerprint reader 

2. The user's device should be running Android 6.0 Marshmallow having API 23 or greater.

Api overview

The fingerprintmanager class coordinates all access to the fingerprint hardware. Using fingerprintmanager we can check for device support, attempt authentication, and handle any successful or failed authentication attempts appropriately. The first thing we'll need when implementing fingerprint authentication is an instance of fingerprintmanager. This is a system-level service, so we need to call context's getsystemservice(string)method, passing in the context.fingerprint_service constant.

Fingerprintmanager fingerprintmanager = (fingerprintmanager) context.getsystemservice(context.fingerprint_service);

Checking for support

Now with our fingerprintmanager instance, it's very simple to determine if the requirements mentioned at the beginning of this post are satisfied. First we can callishardwaredetected()to receive a boolean indicating if the device has a fingerprint reader. If this returns false we'll need to authenticate our user some other way. Ifishardwaredetected()returns true, we'll next need to callhasenrolledfingerprints()to verify that the user has registered at least one fingerprint on the device. Even if the device has the necessary hardware, we can't authenticate a user's fingerprint if we don't have a registered one to compare against.

If (!fingerprintmanager.ishardwaredetected()) {

 // device doesn't support fingerprint authentication

} else if (!fingerprintmanager.hasenrolledfingerprints()) {

 // user hasn't enrolled any fingerprints to authenticate with

} else {

 // everything is ready for fingerprint authentication

}

At this point you may have noticed we skipped the api 23+ requirement. Those lucky few of you with a minsdk of 23 or greater obviously won't have to worry about this, but for the rest of us there are two approaches - we can either check our build.version value, or we can leverage the support library. We'll explore these in more depth a little bit later.

Authenticating

Assuming all of the requirements are satisfied, we're ready to authenticate. This is done by calling fingerprintmanager's authenticate(cryptoobject, cancellationsignal, int, authenticationcallback, handler) method. Lets break down what each of these parameters does for us.

Cryptoobject

Also introduced in android 6.0 to support fingerprintmanager,cryptoobject is a wrapper class for the crypto objects supported by fingerprintmanager. These currently includesignature,cipher, and mac. Among the security improvements in marshmallow, google introduced some new keystore features. One of these features is the ability to generate a key using key generator that requires the user to authentication before keystore will allow the key to be used. Leveraging this secure key with our crypto object, we can create a secure method of authentication.

Backwards compatibility

Most of us will want our apps to support versions of android earlier than 6.0. There are two approaches i can recommend for this: we can use build.version checks to ensure we only use these apis on devices that support it, or we can leverage the support library. You're likely already familiar with build.version checks, so lets focus on how we can use the support library to make our implementation cleaner and safer.

Android's v4 support library includes compatibility versions of many of the fingerprint classes introduced in marshmallow. On versions of android below 6.0, these classes will act as though they are on a device that does not have fingerprint hardware. Happily, this eliminates the need to liter our code with build.version checks and @targetapi annotations. As of revision 23, the v4 support library includes fingerprintmanagercompat and all of its nested classes -authenticationcallback,authenticationresult, andcryptoobject. Additionally there is a support version of cancellationsignal.

Remembering credentials is a hassle. This is made worse on mobile devices by the need to input these values on small touch screens. Users dislike this experience so much that they resort to things like using “password" or “123456" as their credentials.

Implemented correctly, fingerprint authentication gives us an opportunity to turn this poor user experience into a secure and exciting feature.