Security Research Center
Using biometric authentication
| Technique summary | |
|---|---|
| Technique | Biometric authentication |
| Against | Clickers, disk attacks |
| Limitations | Only devices where biometric authentication is available and turned on |
| Side effects | None |
| Recommendations | A great technique for authentication, but not effective at deterring malware when used on its own |
During crucial application workflows, such as confirming a bank transfer, it is recommended to use biometrics as an added layer of security.
Unlike passcode entry, biometric actions cannot be carried out by accessibility services. If your platform lets you add a description to the biometric screen, use it, because the system prohibits any service from tampering with it.
Example of biometric authentication being used in an application
Find more information and instructions for using biometric authentication in the Google Developers documentation.
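The transfer confirmation described above could look like the following sketch. It is an added example, not code from the original page or from Google's documentation. It uses the AndroidX `BiometricPrompt` API with the on-prompt description the page recommends, and goes one step further by tying the confirmation to an Android Keystore key that can only sign after a biometric match. The names `KEY_ALIAS`, `createTransferKey`, `confirmTransfer` and `onSigned`, and the idea of a backend that holds the matching public key, are assumptions.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import androidx.biometric.BiometricManager
import androidx.biometric.BiometricManager.Authenticators.BIOMETRIC_STRONG
import androidx.biometric.BiometricPrompt
import androidx.core.content.ContextCompat
import androidx.fragment.app.FragmentActivity
import java.security.KeyPairGenerator
import java.security.KeyStore
import java.security.PrivateKey
import java.security.Signature

private const val KEY_ALIAS = "transfer_confirmation_key" // hypothetical alias

// One-time setup: a Keystore key that can only sign after a biometric match.
// Assumption: the public key is registered with the backend at enrolment.
fun createTransferKey() {
    val spec = KeyGenParameterSpec.Builder(KEY_ALIAS, KeyProperties.PURPOSE_SIGN)
        .setDigests(KeyProperties.DIGEST_SHA256)
        .setUserAuthenticationRequired(true)       // every use needs a fresh biometric match
        .setInvalidatedByBiometricEnrollment(true) // a newly enrolled biometric voids the key
        .build()
    KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore")
        .apply { initialize(spec) }
        .generateKeyPair()
}

fun confirmTransfer(activity: FragmentActivity, payee: String, amount: String, onSigned: (ByteArray) -> Unit) {
    // Limitation from the summary table: biometrics must be available and turned on.
    // When they are not, the caller has to use a different confirmation step.
    if (BiometricManager.from(activity).canAuthenticate(BIOMETRIC_STRONG) != BiometricManager.BIOMETRIC_SUCCESS) return
    val key = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }.getKey(KEY_ALIAS, null) as PrivateKey
    val signature = Signature.getInstance("SHA256withECDSA").apply { initSign(key) }
    val info = BiometricPrompt.PromptInfo.Builder()
        .setTitle("Confirm transfer")
        .setDescription("Send $amount to $payee") // shown on the system-owned biometric screen
        .setNegativeButtonText("Cancel")
        .setAllowedAuthenticators(BIOMETRIC_STRONG)
        .setConfirmationRequired(true)
        .build()
    val callback = object : BiometricPrompt.AuthenticationCallback() {
        override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
            val sig = result.cryptoObject?.signature ?: return
            sig.update("$payee|$amount".toByteArray())
            onSigned(sig.sign()) // backend verifies this over the same payee and amount
        }
    }
    BiometricPrompt(activity, ContextCompat.getMainExecutor(activity), callback)
        .authenticate(info, BiometricPrompt.CryptoObject(signature))
}
```

Because the signature covers the payee and amount, a server that verifies it can reject a confirmation that never passed through the biometric prompt.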
Residual risks
Malware that has device admin privileges or an accessibility service can disable the use of biometric authentication on the device globally. Therefore, other protections against malicious accessibility services apply.